I'm trying to route my incoming VPN clients through a Cisco NAC appliance, to check for anti-virus/updates/etc. To perform this I need to route the VPN client internet traffic through the subnet of the NAC appliance. The ISA server has 3 NICs - internal, external, and a third I called VPN, which is connected to the NAC appliance subnet (192.168.2.0). The VPN clients are successfully receiving DHCP addresses from the 192.168.2.0 subnet, but are still attempting to surf via the 'External' NIC of the ISA server. Is there a method to prevent the use of the default gateway of the ISA server, and instead route the VPN clients out the 'VPN' NIC for internet traffic?
This isn't split tunneling, it's Policy Based Routing, which, at last check, can't be done. I believe if you want NAC on a VPN tunnel you have two choices: with ISA you can write your own script to help perform posture assessment (there are guides for that config, but I can't seem to find a URL tonight), or you can terminate the VPNs on a Cisco VPN device, which can use your Cisco NAC appliance.
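For readers who want to see the distinction the answer draws, here is an added illustration (not part of the original thread, and not something the answer says ISA can do) of what "policy based routing" looks like on a platform that supports it, a Cisco IOS router. It forces Internet-bound traffic from the VPN client subnet through the NAC appliance while leaving traffic to the internal LAN on the normal routing table. The addresses and interface name are assumptions for the example: VPN clients in 192.168.2.0/24, an internal LAN of 10.0.0.0/8, the NAC appliance's inline interface at 192.168.2.254, and GigabitEthernet0/1 as the interface where VPN client traffic enters the router.

```cisco
! Added example, not from the original thread. Assumed addresses:
!   VPN clients:        192.168.2.0/24
!   internal LAN:       10.0.0.0/8
!   NAC appliance hop:  192.168.2.254 (must be on a directly connected subnet)
!   ingress interface:  GigabitEthernet0/1 (where VPN client traffic arrives)
!
! Deny internal destinations first so LAN traffic is routed normally;
! only client traffic bound anywhere else (the Internet) matches.
ip access-list extended VPN-CLIENTS-TO-INTERNET
 deny   ip 192.168.2.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 192.168.2.0 0.0.0.255 any
!
! Packets matching the ACL get their next hop overridden to the NAC appliance.
! Packets that match nothing fall out of the route-map and use the routing table.
route-map VPN-VIA-NAC permit 10
 match ip address VPN-CLIENTS-TO-INTERNET
 set ip next-hop 192.168.2.254
!
! PBR is applied on the interface the traffic comes IN on, not the exit interface.
interface GigabitEthernet0/1
 ip policy route-map VPN-VIA-NAC
!
! Verification:
!   show route-map VPN-VIA-NAC     - match counters per route-map clause
!   debug ip policy                - per-packet policy decisions (lab use only)
```

Two caveats a practitioner would want: `set ip next-hop` only works when the next hop is reachable on a directly connected subnet (otherwise the clause is skipped and the packet is routed normally), and the `deny` line is what keeps VPN clients from being hairpinned through the NAC appliance on their way to internal servers. This is exactly the per-source-network next-hop override that a default-gateway-only host such as the ISA server in the question cannot express.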