Internet Access through IPSec VPN to PIX Without Spil Tunneling

Unanswered Question

Is it possible to configure a PIX 501 to allow internet access for a Cisco VPN Client 4.8 without Split tunneling.

The idea would be to have all raffic traverse the tunnel, be routed out the local WAN link on the PIX and then have the reply be forwarded back to the client over the IPSec tunnel.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Kamal Malhotra Sun, 02/18/2007 - 22:41


No. The only other possibility is to have a proxy server behind the PIX to allow the internet access. The PIX will not route back out the same WAN interface.



Thanks for the reply's. This is what I feared... I was aware of the interface traversal restrictions but wasn't sure how that worked with the packet getting decrypted onto the inside interface.

I didn't think of the Proxy though... and appreciate the feedback! Thanks again.

BTW: Is there a reference that you are aware of for the 7.x code for this functionality?

kaachary Mon, 02/19/2007 - 03:10


PIX ver 6.x doesn't support traffic redirection on any of its Interfaces. The capability as introduced in PIX 7.0 code. The minimum HW requirement to load a 7.0 code, is to have a PIX 515E.




This Discussion