OK, here is the situation. I have a mobility controller plugged into the web and into an internal network firewall. I have multiple RAPs connected to it via IPsec; the RAPs connect and get their VLAN/IP information from the mobility controller, where I can assign different gateways, IP helper addresses, etc. Pretty straightforward.
Here is the sticky part. I want to add VIA clients to the same controller, using the same dedicated inbound internet pipe. I want to route all VIA user traffic inbound to the corporate network firewalls and out another pipe that has all the whiz-bang internet firewall and web filtering stuff a corporation should have in front of their users. I do not want to split tunnel - I want everything coming in and being handled by the controller and passed off to the downstream firewalls.
Due to the fact that the VIA client configuration utilizes IP addresses assigned by an "ip pool", and not DHCP (either via a helper, or the DHCP server on board the controller), the clients simply get an IP; the DNS settings are provided to the clients by the IPsec profile. This makes the default gateway for VIA clients essentially the controller itself (non-split tunnel) or the VIA client itself (split tunnel). This is where my problem lies.
The VIA client can connect and route to whatever internal VLANs I assign/allow in the profile. However, if I open a valid internet address (google.com) on the client machine, the data flows from the controller back out the same internet pipe the VIA client connection came in on, as it sees itself as connected to the web.
How can I assign a default gateway other than that of the controller, or that of the VIA client external interface? (Is it even possible?)