You are not NAT'ing from 10.200.200.0/24 which is the address pool for your VPN clients. If you want to get out over the net you will have to remove the line below.
Mike On 6/17/11 2:18 PM, "Bill Duffy" <secur...@4duffy.com> wrote: >access-list nonat extended permit ip 10.200.200.0 255.255.255.0 any _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/