I need to allow VPN traffic to flow through an ASA 5505 to another VPN target (spoke to spoke).
I have a remote VPN connection to an ASA 5505 using Cisco VPN Client. It is configured and I am able to connect to the ASA inside interface (LAN). I need to know how to allow traffic to go back out the outside interface across a site-to-site VPN connection (essentially using the ASA as a VPN proxy). The local firewall at the other end of the site-to-site connection cannot accept VPN client connections directly, so I am trying to use the ASA as a gateway, leveraging the site-to-site VPN connection.
I had attempted to create an ACL entry on the inside interface allowing traffic from the ASA's LAN subnet to the remote site LAN subnet. However, this prevented normal internet traffic from going out the firewall and did not route traffic to the remote site as desired.
The same rule on the outside interface does nothing.
I am also unable to find where NAT exemptions are configured for the VPN in order to control which targets are permitted on the LAN for VPN users. It appears in the wizard once, where you can set allowed hosts; however, I cannot find it later in the Tunnel Group or Group Policy.