cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
519
Views
0
Helpful
3
Replies

Cisco VPN client, PIX and proxy

IgorHamzic
Level 1
Level 1

Hi.I have the following problem in my company. We have users that are going through a proxy server located on the DMZ side of a PIX to the internet(allowed through the DMZ ACL to the outside etc.).That works great.

The problem arises when they use a Cisco VPN client to connect to another company and they cannot access the Internet anymore but can work over VPN on a remote site(Cisco client has been allowed through the PIX). Everything returns to normal when they don't use the VPN client anymore.

Any ideas why this would happen?

1 Accepted Solution

Accepted Solutions

Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.

Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.

Check the local pc routing table will also help you troubleshoot this issue.

View solution in original post

3 Replies 3

mattiaseriksson
Level 3
Level 3

I have an idea. The default behaviour of the Cisco VPN Client is to tunnel everything to the remote site. If your users only want to tunnel some traffic and access your own network at the same time, they would have to configure split-tunneling at the remote vpn site. Not all companies allow that though, you have to find out.

And one more thing that I just noticed is that if you disable the proxy in the Internet browser you can browse the Internet and do the work over VPN.Did on my PC though as few of us can access the Internet without the use of a proxy.

Don't know if it's connected to the split tunnel story though.

Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.

Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.

Check the local pc routing table will also help you troubleshoot this issue.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: