Cisco Support Community

New Member

VPN clients and external routing

First time post, hope this question is in the correct location.

Have configured a 2821 successfully to accept VPN connections from clients. They log in, have access to the internal network (192.168.252.0/24), so no problem there. They just simply cannot get back out on the Internet and I would prefer disallowing split tunneling. Rather, they can access my internal work network via VPN and then route out my network and also browse the Internet; i.e. force them back out through Gi0/0 and make them have one of our external facing IP addresses. Our viable outside addresses consist of a /25 block, starting with 64.244.xx.1 up to .127.

Since users connect on Gi0/0 for VPN access or to 64.244.xx.2, I was wondering if it were possible to force them back out this same port for Internet connectivity?

I have tried giving them an IP in the 172.16.11.0/27 block and then NAT'ing that connection out, but to no avail. I'd rather prefer setting aside some IPs in the outside block or 64.244.xx.x subnet and have it appear they originate from .92 through .127.

We also have a collocation facility elsewhere. By forcing them to use our outside IP addresses, I can make them appear to be coming from my office network and can firewall all other users, thereby allowing only my users in.

Is what I am asking here even possible without enabling VPN split tunneling?

Am including my current config. Any suggestions are appreciated and welcome.

Thanks much. Happy to provide any additional information.

  • Security Management
1 REPLY
New Member

Re: VPN clients and external routing

Apologies for the long message. In a nutshell, just want to route connected VPN users back out Gi0/0 for Internet connectivity, giving them an outside IP.

Thanks.
