Can not access office Internet from Home via VPN client

Unanswered Question
Jan 15th, 2008

Hi all,

I got one pix firewall at my office but the problem is I can access other resources at my office except for internet connection when I remote VPN from Home. Any problem with my pix config?? (Config as attached). Really need kind advice. Tq

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
pjhenriqs Wed, 01/16/2008 - 02:55


I see two things.

First your NAT exempt access-list could be just:

access-list inside_outbound_nat0_acl permit ip any

You don't need the deny statements if they are being denied after this entry. But still it would not be a reason for not working.

The problem is that you are using this same access-liat for your split tunneling and the access-list should be something like...

access-list remote_access_splitTunnelAcl permit ip any

(because is your inside LAN)

Check out this configuration example which might help you understand:



aansatosorigin Thu, 01/17/2008 - 01:50

Hi Paulo,

I already tested but not works. By the way, I issue a command "sh crypto isakmp sa", theres no IPsec session established. Is that possible?? I really not sure. And when I check "ipconfig" at my laptop, I got similar IP address and default gateway, for example for both IP address. Is there possible problem?? Really need your advice. Thank you.

pjhenriqs Thu, 01/17/2008 - 02:57


Can you put the configuration here again so I can see what you changed?

If you do "ipconfig" on your laptop after logging into the VPN you should see two different subnets (if the split-tunneling is correctly configured): the one your router gives you for the Internet, and the one you configure for the VPN.



aansatosorigin Thu, 01/17/2008 - 18:58

Hi Paulo,

Please refer as attached configuration. For your information,for VPN client IP, when I issue "ipconfig", my laptop IP address is and the default gateway also, is this ok?? Thanks so much for your continuous support. I really appreciate it. Thank you.

pjhenriqs Fri, 01/18/2008 - 06:48


I was just comparing it to my configs and I am not seeing anything wrong to be honest.

Can you try just putting the NAT exempt as the following line, instead of having all the deny statements there?

access-list inside_outbound_nat0_acl permit ip any

With which group are you trying? Tekmal1?


Paulo Henriques

aansatosorigin Fri, 01/18/2008 - 10:51

Hi Paulo Henriques,

Yes, Tekma1. By the way, is there any effect if I remove "pdm location"?? What is this command actual role?? Looks crowded. One more thing, is that possible to increase the internet connection speed on firewall configuration?? Any approach to follow to configure firewall to avoid slowness to the internet connection??I will try to test again then as advice and I ll definitely update you. Thanks so much!!

its me,


aansatosorigin Tue, 01/22/2008 - 03:20

Hi Paulo,

Yes!! Its works...but why the internet connection quite slow...hope you can advise. Thanks so much!!

pjhenriqs Tue, 01/22/2008 - 03:31


I'm glad it's working now.

I see no reason for the VPN to affect the speed of the Internet connection. Check your "ipconfig" to see what IP addresses you have. Also, check the "route print" to see if the route table on your PC has the right routes.

You should also do some traceroutes to the Internet and to your internal LAN and see if you can see any problem there.

Hope it helps. Also, if you find any of my help useful can you please rate it?



aansatosorigin Tue, 01/22/2008 - 03:36

Hi Paulo,

By the way, ss that ok if I remove all the "pdm location" command??? Any effects?? Thanks.

its me again,


pjhenriqs Tue, 01/22/2008 - 03:58

Hi Aans,

The "pdm location command" is added in by the PDM so if you remove them the next time you access PDM it will just be added in again.

Just let it be ;).



aansatosorigin Fri, 01/25/2008 - 02:34

Hi Paulo,

Actually, I able to access to some website example,, but having problem to open page for, The error is the "page cant open". What should i do??


This Discussion