
Remote VPN Question

cisconoobie
Level 2

With split-tunneling enabled, I connect via the Cisco VPN client.

I get a new route. The VPN server gives me an IP from the DHCP pool.

If I check the route, it shows that the gateway for the networks allowed behind the VPN server is set to the IP that I received from the DHCP pool.

How does this process work?

So packets sent to the allowed vpned networks get sent through the client IP Address?

Someone please explain the process.

3 Replies

pstebner1
Level 1

With split-tunneling, your VPN client will take any packet bound for the network where your VPN endpoint sits and encrypt it, then send it through the IPsec tunnel. Any packet destined elsewhere will simply be routed to the internet or wherever else with no encryption.

Your default gateway for the VPN is your DHCP-provided address because your NIC will forward traffic to your VPN adapter (gateway) if it is destined for the tunnel.

I probably could have explained that better...:-)

HTH,

Paul
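
The route selection described in this thread, modelled as an added example that is not part of the original posts: a longest-prefix-match lookup over a split-tunnel route table, where the tunnelled networks list the VPN-assigned address as their gateway. All addresses, network ranges and interface names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
VPN_ASSIGNED_IP = "10.10.50.23"   # address handed to the client from the VPN pool
LAN_GATEWAY = "192.168.1.1"       # the client's ordinary default gateway

# (destination network, gateway, interface) once the tunnel is up.
# The split-tunnel networks point at the client's own VPN address, which
# hands the packet to the VPN adapter instead of the physical NIC.
ROUTES = [
    ("0.0.0.0/0",      LAN_GATEWAY,     "physical-nic"),
    ("192.168.1.0/24", "192.168.1.77",  "physical-nic"),
    ("10.1.0.0/16",    VPN_ASSIGNED_IP, "vpn-adapter"),
    ("172.16.20.0/24", VPN_ASSIGNED_IP, "vpn-adapter"),
]

def lookup(dst, routes=ROUTES):
    """Return (network, gateway, interface) of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gateway, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best

def classify(dst, routes=ROUTES):
    """Describe where a packet to dst goes and whether the tunnel protects it."""
    network, gateway, iface = lookup(dst, routes)
    return {
        "dst": dst,
        "route": str(network),
        "gateway": gateway,
        "interface": iface,
        "encrypted": iface == "vpn-adapter",
    }

def unprotected(destinations, routes=ROUTES):
    """List destinations that leave the host outside the IPsec tunnel."""
    return [d for d in destinations if not classify(d, routes)["encrypted"]]

if __name__ == "__main__":
    for d in ["10.1.4.9", "172.16.20.5", "192.168.1.50", "8.8.8.8", "10.2.0.1"]:
        print(classify(d))
```

Running `unprotected()` over the destinations a host is expected to reach is a quick way to review which traffic a split-tunnel policy leaves outside the tunnel.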

OK, so the packet gets encrypted and sent through the VPN tunnel. Now the firewall needs to make a decision on where this packet should go.

Anyone know how the firewall sends this packet? I read that the firewall does not do any routing.

I'm just looking for the steps.

A PIX can do some routing, but is not really a true router. If you do a 'sh route' from the enable mode of a PIX it will show you what networks it sees. You can also issue internal routing statements. Newer IOS versions even support some basic OSPF commands.

HTH,

Paul