I have a Cisco ASA 5510 firewall that has been acting only as a firewall up until now. I'm trying to set it up so that clients can connect remotely with a software VPN client on their laptop. I have it all working up through the client VPNs connecting back, authenticating, and they can access internal resources. The problem is they can't get to the Internet. I am tunneling everything through (no split tunnels). I believe it to be a NAT issue because if I enter these commands then it works:
same-security-traffic permit intra-interface
nat (EXTERNAL) 1 10.10.10.0 255.255.255.0
Here I use 10.10.10.0 as the network I'm using for my VPN network.
So once I do this, everything works, but I notice that the VPN clients are then not filtered by our content filtering device that the internal people are filtered by. It's like when I have it set up with the commands above, it knows how to go to the Internet without passing through the way that everything else does. Our content filtering device is a passthrough device, not a proxy, and it just acts as a bridge between our internal network and the firewall.
I need to make sure the VPN clients that connect up go through the same content filtering that the internal people currently do.