06-21-2007 08:46 AM - edited 02-21-2020 03:07 PM
With split-tunneling enabled, I connect via the Cisco VPN client.
I get a new route. The VPN server gives me an IP from the DHCP pool.
If I check the route, it shows that the gateway for the networks allowed behind the VPN server is set to the IP that I received from the DHCP pool.
How does this process work?
So packets sent to the allowed VPN networks get sent through the client IP address?
Someone please explain the process.
06-21-2007 01:23 PM
With split-tunneling, your VPN client will take any packet bound for the network where your VPN endpoint sits and encrypt it, then send it through the IPsec tunnel. Any packet destined elsewhere will simply be routed to the internet or wherever else with no encryption.
Your default gateway for the VPN is your DHCP-provided address because your NIC will forward traffic to your VPN adapter (gateway) if it is destined for the tunnel.
I probably could have explained that better...:-)
HTH,
Paul
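The route selection discussed in the posts above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a constructed split-tunnel routing table, showing which destinations are encrypted and which leave in the clear. All addresses and both function names are assumptions made for illustration; a route whose gateway equals the adapter's own address is treated here as on-link through that adapter.

```python
import ipaddress

# Constructed sample values (assumptions), not taken from the thread.
VPN_ADAPTER_IP = "10.10.50.7"     # address handed out from the VPN pool
LAN_ADAPTER_IP = "192.168.1.20"   # address on the physical NIC

# (destination network, gateway, interface address, metric)
ROUTES = [
    ("0.0.0.0/0",      "192.168.1.1",  LAN_ADAPTER_IP, 20),  # default route
    ("192.168.1.0/24", LAN_ADAPTER_IP, LAN_ADAPTER_IP, 20),  # local LAN
    ("10.20.0.0/16",   VPN_ADAPTER_IP, VPN_ADAPTER_IP, 1),   # split-tunnel net
    ("10.30.5.0/24",   VPN_ADAPTER_IP, VPN_ADAPTER_IP, 1),   # split-tunnel net
]


def select_route(dst):
    """Pick the most specific matching route; lowest metric breaks ties."""
    addr = ipaddress.ip_address(dst)
    candidates = []
    for net, gw, iface, metric in ROUTES:
        network = ipaddress.ip_network(net)
        if addr in network:
            candidates.append((network.prefixlen, -metric, net, gw, iface))
    if not candidates:
        raise LookupError("no route to " + dst)
    _, _, net, gw, iface = max(candidates)
    return net, gw, iface


def classify(dst):
    """Report whether traffic to dst enters the tunnel or leaves unencrypted."""
    net, gw, iface = select_route(dst)
    return {
        "route": net,
        "tunneled": iface == VPN_ADAPTER_IP,  # handed to the VPN adapter
        "on_link": gw == iface,               # gateway is the adapter itself
    }


if __name__ == "__main__":
    for dst in ("10.20.4.9", "10.30.5.1", "192.168.1.55", "8.8.8.8"):
        print(dst, classify(dst))
```

Running the same lookup against the real output of the client's route table is a quick way to audit which networks a split-tunnel policy actually protects.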
06-21-2007 05:57 PM
OK, so the packet gets encrypted and sent through the VPN tunnel. Now the firewall needs to make a decision on where this packet should go.
Anyone know how the firewall sends this packet? I read that the firewall does not do any routing.
I'm just looking for the steps.
06-22-2007 07:13 AM
A PIX can do some routing, but is not really a true router. If you do a 'sh route' from the enable mode of a PIX it will show you what networks it sees. You can also issue internal routing statements. Newer IOS versions even support some basic OSPF commands.
HTH,
Paul