02-18-2007 09:29 AM - edited 02-21-2020 02:52 PM
Is it possible to configure a PIX 501 to allow internet access for a Cisco VPN Client 4.8 without split tunneling?
The idea would be to have all traffic traverse the tunnel, be routed out the local WAN link on the PIX and then have the reply be forwarded back to the client over the IPSec tunnel.
Thanks.
02-18-2007 10:41 PM
Hi,
No. The only other possibility is to have a proxy server behind the PIX to allow the internet access. The PIX will not route back out the same WAN interface.
HTH,
Kamal
02-19-2007 04:14 AM
Thanks for the replies. This is what I feared... I was aware of the interface traversal restrictions but wasn't sure how that worked with the packet getting decrypted onto the inside interface.
I didn't think of the Proxy though... and appreciate the feedback! Thanks again.
BTW: Is there a reference that you are aware of for the 7.x code for this functionality?
02-19-2007 05:54 AM
Hi Matt,
Here's the config example for 7.x:
Please rate the post if it helped.
-Kanishka
11-20-2012 12:36 AM
Very interesting link guys!
Really helped me out!
02-19-2007 03:10 AM
Hi,
PIX ver 6.x doesn't support traffic redirection on any of its interfaces. The capability was introduced in PIX 7.0 code. The minimum HW requirement to load 7.0 code is to have a PIX 515E.
HTH,
-Kanishka