Hi Aruba,
I'm wondering if someone could help me. I'm setting up split tunnel in a RAP. I've managed to get the SSID up, a user can connect to the SSID and I can see in the monitoring that the user is in split-tunnel. The user is getting an IP address in their range at the remote site (10.84.3.0/24), and he has a default gateway as well (10.84.3.9). However, they can't do anything: they can't get to the internet, they can't reach any IP at the HQ (10.27.0.0/24) and, worse, they can't even ping their local default gateway (10.84.3.9). My firewall policy is as follows:
any any svc-dhcp permit
any any svc-dns permit
any any svc-gre permit
user HQ any permit
user any any route src-nat
The alias HQ contains the network IP address of our HQ. I don't know if I'm missing something here. I've played with the firewall policy but with no success. The connection between our HQ and remote site is through Site-to-Site VPN. I hope someone can help me.
Thanks in advance.
Richard.