Mobile IPSEC VPN and Internet Access
Did some digging through the forums, but can't seem to find my own answer. Thanks in advance for any help.
I'm testing out a mobile IPSEC VPN and everything works great except internet access. I'm not using a split tunnel and we are using policy-based routing on an M500 with two external interfaces. The VPN clients are using a virtual IP pool that is different from all of our trusted/optional networks. I've added the network address for the IP pool to our Dynamic NAT settings and specified External-A as the external interface. I've also added the IPSEC user group to our HTTP, HTTPS and TCP-Outgoing policies. PBR settings for these policies also use External-A.
When trying to hit the web I can resolve internal and external hostnames (via our internal DNS servers), but I can't connect to any external sites (timeout). In traffic monitor, it looks like traffic from the VPN client is being routed out of my other external interface (External-B) instead of the interface specified in my policies and NAT.
What am I missing?