We have a VPN 3002 concentrator with its public interface on our "DMZ". The private interface of the concentrator is on our "Internal" network. Our PIX515 isolates these two networks from each other and the "external" network (i.e., the Internet).
When people establish VPN connections to the concentrator using the no-split tunnel option, they can access internal hosts as needed but they can't surf the internet. Our internal network's core routers are configured to use the "internal" interface of the PIX as the default gateway and to send any traffic to the VPN to the concentrator's "private" interface. The VPN concentrator in turn uses the PIX interface on the DMZ as its default GW. The PIX then goes out to our T1.
I've been told this is normal behavior for VPN-style connections where the no-split tunnel option is used. From what I understand, the only way around it is to use the HTTP proxy server option in the concentrator's configuration options.
Just wondering if this is correct?