ezvpn with network extension mode question

I have a remote office connected to my main network using ezvpn in network extension mode. The remote site is using a 2651XM router and the server is a 3000 concentrator. The main goal of this solution was that both networks be fully viable to each other. The currently used DSL at the remote office will be replaced with private fiber in the next year and I don't want to have to readdress either side.

I got it up and running for the most part. The problem now is that the remote office can't access the public internet. I am not using split tunneling because the docs I read said that split tunneling didn't work with ezvpn in network extension mode. So, all my public internet traffic is being sent back up to my VPN concentrator. Any traffic that doesn't have a static route back into my internal network (the private interface) doesn't work. The default route is via the public interface.

So, I need some help. Here are some questions I could use answers or pointers for:

1) Can I do source routing so any traffic _from_ my remote office goes into my internal network and, eventually, out through the normal firewall egress point?

2) Am I missing something obvious? A NAT translation or something?

3) Am I wrong about split tunneling? Can I use it with ezvpn?

4) Should I abandon ezvpn and implement it the hard way, allowing me to use split tunneling? If I do this, can I implement the network extension behaviour I want (where hosts on each side of the VPN can directly address the other)?

Thanks for any pointers.

--John
