We will say again...have you looked at all the routes and determined that the gateway is configured properly to direct all request to the inside? Did you make the public interface eth0 or eth1? Steve Greenberg Thin Client Computing 34522 N. Scottsdale Rd D8453 Scottsdale, AZ 85266 (602) 432-8649 www.thinclient.net steveg@xxxxxxxxxxxxxx _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Chad Schneider (IT) Sent: Monday, May 12, 2008 12:44 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] I will ask again... CAG Standard Edition.... We have proven, SSL VPN connection from the internet to our CAG, all external internet traffic for those clients, hairpins back out the external interface on the CAG. The point of creating an SSL VPN tunnel, in my mind, is to force ALL traffic through our internal network. We do not have split tunneling on, and do not want it on. Even if we turn on IP Pools, giving the clients an IP and Default gateway on our internal network, all external internet bound traffic never gets to the inside, it hairpins back to the outside. Why is this? Chad Schneider Systems Engineer ThedaCare IT 920-735-7615