CAG Standard Edition.... We have proven, SSL VPN connection from the internet to our CAG, all external internet traffic for those clients, hairpins back out the external interface on the CAG. The point of creating an SSL VPN tunnel, in my mind, is to force ALL traffic through our internal network. We do not have split tunneling on, and do not want it on. Even if we turn on IP Pools, giving the clients an IP and Default gateway on our internal network, all external internet bound traffic never gets to the inside, it hairpins back to the outside. Why is this? Chad Schneider Systems Engineer ThedaCare IT 920-735-7615