Is there a way to make network connect traffic route to the IVE's default gateway for hosts on the same subnet as the IVE? For instance if you have the internal IP of the IVE in a DMZ as 192.168.1.10 /24 with a default gateway of 192.168.1.1, and you define a network connect pool of 192.168.2.0 /24 then anytime a network connect client connects to a resource in the 192.168.1.X subnet you will have asynchronous routing. If a network connect IP (192.168.2.30) goes to a host at 192.168.1.50 then it will go through the IVE's local area interface directly to the server. However, the server will send that response traffic back to the default gateway and if it is a DMZ where the default gateway is a firewall then the traffic is dropped.
I see several different workarounds:
- Static Routes on DMZ subnet hosts for Network Connect Pool - This isn't ideal for configuration reasons.
- Network Connect Pool in same subnet as IVE - This isn't ideal as I don't want the VPN IPs to be listed as DMZ IPs.
- Allow Asynchronous Routing through a router - Not going to happen as a firewall is used.
- Build a separate DMZ with just the IVE in it - Possibly in the future with our architecture.
What I'm looking for is that all Network Connect traffic goes to a default gateway ip. With Cisco VPN tunnels we are able to use a default static route with the "tunneled" option after it to accomplish this.
Anyone have any ideas or suggestions for how to accomplish this on the SSL VPN?
You shouldn't be getting async routing - you need a route on your firewall for the NC pool to the IVE IP (192.168.1.10).
In my case I also have a route on my choke router for the NC pool to the firewall VIP.
The IVE will ARP since the hosts (192.168.1.x/24) are on the local network.
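To make the routing problem in the question and the fix in the reply concrete, here is an added example (not from the thread or from Juniper) that models the addresses above as per-node routing tables, traces a flow from an NC pool address to a DMZ host and back, and shows how the return path changes with the firewall route from the reply versus the per-host static route from the question's first workaround. It models longest-prefix match only; it does not model stateful inspection on the firewall, so "delivered" means "a route exists", not "the firewall permits it".

```python
import ipaddress

# Constructed topology from the thread: IVE internal IP 192.168.1.10/24 with
# gateway 192.168.1.1 (the firewall), NC pool 192.168.2.0/24, DMZ server
# 192.168.1.50. Each node is (own addresses, routes); a route is (prefix,
# next_hop) and next_hop None means directly connected (IVE ARPs for it).
NODES = {
    "client":   ({"192.168.2.30"}, [("0.0.0.0/0", "192.168.1.10")]),  # NC tunnel
    "ive":      ({"192.168.1.10"}, [("192.168.1.0/24", None),
                                    ("192.168.2.0/24", None),         # NC pool
                                    ("0.0.0.0/0", "192.168.1.1")]),
    "server":   ({"192.168.1.50"}, [("192.168.1.0/24", None),
                                    ("0.0.0.0/0", "192.168.1.1")]),
    "firewall": ({"192.168.1.1"},  [("192.168.1.0/24", None)]),       # no pool route
}

def owner(nodes, ip):
    """Name of the node that holds address ip, or None (e.g. off-link)."""
    return next((n for n, (addrs, _) in nodes.items() if ip in addrs), None)

def lookup(routes, dst):
    """Longest-prefix match: (network, next_hop) or None if no route."""
    ip, best = ipaddress.ip_address(dst), None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best

def trace(nodes, src, dst, max_hops=8):
    """Follow each hop's route lookup from node src until dst is reached."""
    path, node = [src], src
    for _ in range(max_hops):
        addrs, routes = nodes[node]
        if dst in addrs:
            return path, "delivered"
        best = lookup(routes, dst)
        if best is None:
            return path, "dropped: no route"          # what the DMZ firewall does
        node = owner(nodes, dst if best[1] is None else best[1])
        if node is None:
            return path, "dropped: next hop unreachable"
        path.append(node)
    return path, "dropped: hop limit"

def with_route(nodes, name, prefix, nh):
    """Copy of nodes with one extra route on `name` (the thread's workarounds)."""
    new = {k: (a, [(prefix, nh)] + r) for k, (a, r) in nodes.items()}
    return {k: (a, r if k == name else r[1:]) for k, (a, r) in new.items()}

def check(nodes, a, b):
    """Trace a->b and b->a; the flow is asymmetric if return != reversed forward."""
    fwd, f_out = trace(nodes, owner(nodes, a), b)
    rev, r_out = trace(nodes, owner(nodes, b), a)
    return fwd, f_out, rev, r_out, rev != fwd[::-1]
```

Run `check(NODES, "192.168.2.30", "192.168.1.50")` to see the forward path client, ive, server delivered while the return stops at the firewall; `with_route(NODES, "firewall", "192.168.2.0/24", "192.168.1.10")` makes the return deliverable (still via the firewall), and the same route added on "server" instead gives a fully symmetric path.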