Split tunneling and static nat

mircea.alicu (Level 1)

Hi all,

My internet provider is giving me two IP classes (/29) that are routed to my external IP (applied to Gi0/0).

I configured split tunneling on my router like described here:

http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

I adapted it to my settings. I have both static NAT and PAT enabled. Split tunneling works fine: my clients connect and can reach almost all of the internal network. The problem is that clients cannot reach servers that have static NAT in my config. I'm posting the relevant information below:

...
interface GigabitEthernet0/0
 description WAN
 ip address 89.xxx.yyy.zzz 255.255.255.0
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 media-type rj45
 crypto map clientmap
...
interface Loopback0
 ip address 85.186.xxx.ddd 255.255.255.248
...
interface Loopback1
 ip address 85.186.xxx.eee 255.255.255.248
...
interface GigabitEthernet0/1.10
 description LAN-DATA
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 no cdp enable
...
ip local pool VPN_POOL_1 192.168.180.1 192.168.180.14
...
ip nat inside source list 111 interface GigabitEthernet0/0 overload
ip nat inside source static 10.10.10.16 85.186.xx.aaa extendable
ip nat inside source static 10.10.10.16 85.186.xx.bbb extendable
ip nat inside source static 10.10.10.2 85.186.xx.ccc extendable
ip nat inside source static 10.10.10.9 85.186.xx.ddd extendable
...
access-list 101 permit ip 10.10.0.0 0.0.255.255 192.168.180.0 0.0.0.15
access-list 111 deny   ip 10.10.10.0 0.0.0.255 192.168.180.0 0.0.0.15
access-list 111 permit ip 10.10.0.0 0.0.255.255 any
...

Can you please help me with a workaround to be able to reach 10.10.10.16, 10.10.10.2 and 10.10.10.9 from my VPN clients (192.168.180.0/28)?

I can reach all other internal IPs like 10.10.10.5...

Thanks all for your help!

2 Replies

mircea.alicu (Level 1)

Anybody?

mircea.alicu (Level 1)

I'll answer it myself...

route-map noNAT permit 10
 match ip address 111

Change the static NAT entries to:

ip nat inside source static 10.10.10.16 85.186.xx.aaa route-map noNAT extendable
....
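As an added illustration, not part of the thread: a small Python model of how the inside-to-outside NAT decision differs between the posted static entries and the route-map form in the fix. The public addresses are placeholders for the masked values in the post, and the model follows IOS first-match ACL semantics; it shows why 10.10.10.5 always worked (the deny line of ACL 111 kept PAT off VPN-bound traffic) while the static hosts answered VPN clients with a public source address until the route-map gated them by the same list.

```python
import ipaddress

# Constructed model of this router's inside->outside NAT decision (not IOS code).
# Public addresses are placeholders for the masked 85.186.xx.* / 89.xxx.yyy.zzz
# values in the post; 10.10.10.16 is modelled with one inside-global address.
PAT_ADDRESS = "89.0.2.1"                  # placeholder for the Gi0/0 address
STATIC_NAT = {                            # inside local -> inside global
    "10.10.10.16": "203.0.113.16",        # placeholder for 85.186.xx.aaa
    "10.10.10.2": "203.0.113.2",          # placeholder for 85.186.xx.ccc
    "10.10.10.9": "203.0.113.9",          # placeholder for 85.186.xx.ddd
}
ACL_111 = [  # access-list 111 as posted: (action, source, destination)
    ("deny", ("10.10.10.0", "0.0.0.255"), ("192.168.180.0", "0.0.0.15")),
    ("permit", ("10.10.0.0", "0.0.255.255"), "any"),
]


def wildcard_network(spec):
    """Turn an IOS 'address wildcard' pair (or 'any') into an ip_network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    addr, wildcard = spec
    netmask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{netmask}", strict=False)


def acl_permits(acl, src, dst):
    """First-match evaluation with the implicit deny at the end of the list."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_spec, dst_spec in acl:
        if src in wildcard_network(src_spec) and dst in wildcard_network(dst_spec):
            return action == "permit"
    return False


def translated_source(src, dst, static_uses_route_map):
    """Source address a packet src->dst carries after inside->outside NAT.
    False models the posted 'static ... extendable' entries (translate always);
    True models 'static ... route-map noNAT extendable', where the static entry
    applies only if route-map noNAT (match ip address 111) permits the packet."""
    if src in STATIC_NAT:
        if not static_uses_route_map or acl_permits(ACL_111, src, dst):
            return STATIC_NAT[src]
        return src
    # Other inside hosts fall to 'ip nat inside source list 111 ... overload'.
    return PAT_ADDRESS if acl_permits(ACL_111, src, dst) else src
```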
