Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

VIA VPN Full Tunnel Woes...

  • 1.  VIA VPN Full Tunnel Woes...

    Posted Apr 08, 2019 09:31 PM

    All of my VIA VPN split tunnel profiles work like a champ. Now I am trying to put together a full tunnel profile for some of our travelling peeps so that they can connect securely over unsecure hotel wifi. I have the full tunnel profile and associated rules in place and it does indeed work, I can get various internal VLANs and assets, but there is no internet access and that is what I need.

     

    What am I missing?

     

     



  • 2.  RE: VIA VPN Full Tunnel Woes...

    EMPLOYEE
    Posted Apr 08, 2019 09:37 PM
    Are your inner IPs routable all the way through the network to the internet egress?


  • 3.  RE: VIA VPN Full Tunnel Woes...

    Posted Apr 08, 2019 09:56 PM

    Well, I have inter-VLAN routing enabled as well as source NAT inside enabled. I can indeed get to all of my other internal VLANs but no access to the outside universe.

     

    The few RAPs that I have in full tunnel mode work just fine, so maybe that lulled me into a false sense of accomplishment LOL

     

     



  • 4.  RE: VIA VPN Full Tunnel Woes...

    Posted Apr 09, 2019 08:27 AM
    Can you reach the outside world using the NAT IP?




  • 5.  RE: VIA VPN Full Tunnel Woes...

    Posted Apr 09, 2019 09:12 AM

    My primary VLAN (110) gets out to the universe just fine (src natting box checked), no worries there. I created a new VLAN (112) for the full tunnel VPN (also src natting box checked). I gave its role an allow all rule for spin up/testing. When connected to the full tunnel VPN, I can indeed access other internal VLANs, including my primary and all of its assets, but cannot get out to the internet.

     

    So, the default routing works for VLAN 110 but not for VLAN 112.

     

     



  • 6.  RE: VIA VPN Full Tunnel Woes...

    EMPLOYEE
    Posted Apr 09, 2019 02:01 PM

    VIA client addresses come from an address pool which may or may not overlap with VLAN space. Check the traffic leaving the controller to verify that your VIA full-tunnel users are being NATed, to verify proper return path, etc.