Currently we are allowing remote access vpn users access to the Internet, our setup is as follows:
group-policy VPN attributes dns-server value 192.168.100.10
vpn-filter none vpn-tunnel-protocol IPSec split-tunnel-policy tunnelspecified split-tunnel-network-list value split
access-list split standard permit 192.0.0.0 255.0.0.0
We need to change this setup such that remote access vpn users can still access the internal network (192.0.0.0 255.0.0.0) but NOT allow them Internet access, in other words everything should remain the same but we need Internet blocked.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...