Hi Andy, thanks for the reply.
What we have is a VPN user group where members are using IKE,XAUTH. This provides them with an IP Adddress from a Pool (10.10.100.1 ..... /24) and some DNS settings. The client can login in fine and can resolve names to IP addresses on the Internet from a local DNS server.
AutoKey IKE is bound to tunnel.1
There is an unTrust to Trust policy which was created when the VPN Wizard was used which is just an any - any - permit.
On the Interface List, Tunnel.1 is unnumbered, in the untrust zone and type tunnel
There are no specific routes which determine how to route from the tunnel to untrust or 0.0.0.0 /0 for the tunnel
Cheers
Lance