I have a pair of ASA 5550s. I have several groups set up with multiple split tunneling configurations working just fine. Folks are connecting through anyconnect and life is good. However, I have an employee working at a site where they filter the Internet in a way that impares the work they are asking her to do. In this case I would like to bring all of her traffic through the VPN where she can access both our internal resources and access the Internet using our connection instead, thereby giving her our unfiltered access. Is that possible? All routing seems to die once it hits the outside interface. We are not doing any NAT. The VPN pools are using public addressing. The default route for the ASAs are set to the next hop on the public side. This should work shouldn't it? I thought I would ask that question before I start posting configs.