Send us a diagram of the network, it would help us a lot! De : thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] De la part de Chad Schneider (IT) Envoyé : 29 avril 2008 14:09 À : thin@xxxxxxxxxxxxx Objet : [THIN] Re: CAG SSL VPN Default Gateway of the appliance is external. We specifiy internal default gateway with internal IP Pools. Split tunneling is not enabled. Split DNS is not enabled. Chad Schneider Systems Engineer ThedaCare IT 920-735-7615 >>> On 4/29/2008 at 11:43 AM, <steveg@xxxxxxxxxxxxxx> wrote: Did you set the default gateway of the CAG to be the LAN connection or the outside connection of the CAG? Also, how is Split Tunnelling and Split DNS set? Steve Greenberg [cid:image001.png@01C8AA41.1FBF5C50]Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85266 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx ________________________________ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chad Schneider (IT) Sent: Tuesday, April 29, 2008 5:59 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] CAG SSL VPN Our internet team, put in a new firewall. Since this happened, making an SSL VPN connection to us via the CAG, we can no longer get to websites outside of Thedacare. Unable to even ping. Internet team states firewall is configured the same as old one (not possible, as that one worked). They state that users get through the firewall, to the CAG, and get the internal IP, as designed. The problem is that requests for external websites then go back ou through the CAG external interface, back to the firewall. I am not sure this is right. I thought that once they got an internal IP, all traffic would be internal, and internet traffic would be routed through the internal interface, then back out through the firewall. Thoughts? Chad Schneider Systems Engineer ThedaCare IT 920-735-7615