This is more of a conversation, looking for input on some issues that have come up while trying to get L2TP in place.
The PIX in question (Pix 515 ver 6.3) has been running a VPN in tunnel mode that allowed cisco VPN clients to connect. However, a change in the network layout has the PIX outside interface IP address change to a private address. A Load balancer now sits infront of the PIX. From my reading, i had to change my VPN from tunnel to transport mode. Since the VPN call would be made to the Load balancer interface, which would then NAT to the Outside PIX interface. This NAT process would break IPSEC Transport, and tunnel is what i went with. In so far could someone please tell me if this decision was correct? As the direction i took led me to the next question:
L2TP Transport mode is what i have now deployed in my test environment. Works fine. Except for Split tunneling. L2TP does not support split tunneling. This is what i have read so far and i could be wrong. But so far it does not suport split tunneling. I thus have 2 questions as regards split tunneling:
What are the thoughts on split tunneling and the dangers it poses to a network when enabled, And are there any work arounds to allowing clients connected to the VPN via L2TP access to the Internet?
many thanks for your time.