Thats correct. Split Tunneling also considered as Security Threat since all traffic doesn't goes thru your corporate network and internet policies doesn't apply. If you are not in production, you can try to add a static route for google and try. That might work. I will confirm once I play with that more.... Saravanan "Chad Schneider (IT)" <Chad.M.Schneider@xxxxxxxxxxxxx> wrote: If I enable Split Tunneling...and set my network access list, I can get this to work. That is a band aid, I would rather not use split tunneling. I feel, if the users are making an SSL VPN connection, I want all traffic routed through the CAG. So, how do I tell the CAG to route internet traffic, via the CAG? It works with static routes for the inside network, (default gateway on CAG set to external (0)). How do I configure it for the outside? >>> Saravanan Srinivasan <sarav2k@xxxxxxxxx> 11/20/2007 7:49 PM >>> This is related to Routes on your CAG, You probably have Static routes. I am still working on the same thing. After I added a route like this eth1 64.0.0.0 255.0.0.0 GW I was able to browse google. but I started getting some vpn issues. I may have to figure out what is the right route I need to add. Hope this helps Saravanan Steve Greenberg <steveg@xxxxxxxxxxxxxx> wrote: v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} st1\:*{behavior:url(#default#ieooui) } Check your default gateway, you obviously have on for the insider, you might not have one set for going outward? Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85262 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx --------------------------------- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chad Schneider (IT) Sent: Tuesday, November 20, 2007 8:37 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] CAG All seems well, SSL VPN working great for all internal items. What I have found, is that access to web pages outside the network, such as dell.com, google.com,. etc., fail. Split tunneling is disabled. All traffic should be going through the CAG, and should work fine. Chad Schneider Systems Engineer ThedaCare IT 920-735-7615