Pix and Vpn question

Unanswered Question
Aug 19th, 2008

I have a PIX firewall running PIX 7.0(2) and use VPN.

I noticed when configuring VPN on an ASA box that there was an option for split tunneling that prevented access to the local network when connected with the client to another network.

How can I do that on my PIX 7.0?


Thanks for your time,

Marwan ALshawi Tue, 08/19/2008 - 22:06

If you want to limit the client to the network he connected to, you can do it by:

First, a standard ACL containing the network that this client is allowed to use, then included in the split tunneling option: in tunnel specified, then tunnel network value, put the ACL name or number. In this case the client will send traffic over the tunnel only to that network.

Also, you can use the filtering option on the user itself if you use the local database for username and password.

Go to the username:

username [username] attributes

Then under these attributes there is the filtering option; put here an ACL number that you have to create first.

In the ACL just permit what you want the user to do; anything else will be denied.

Also, another filtering and split tunneling way:

In the above config, when you define the split tunnel you put the command tunnel specified, then the ACL.

You also have an option called tunnel unspecified.

This one will work exactly the opposite way to the normal split tunnel.

This will include everything except the traffic specified in the ACL.

Finally, you can make restrictions on the clients by first removing sysopt connection permit-ipsec

and then creating normal ACLs to permit client IPs to what you want; then everything not in the ACL will be denied by the default implicit deny.

Good luck.

Please rate if helpful.
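The steps in the answer above as one combined PIX 7.x configuration, added here as an example and not taken from the post: pool, ACL, group and user names are constructed, and the crypto map and pre-shared key side of the IPsec setup is assumed to be in place already. The `excludespecified` keyword is the 7.x name for the inverted ("tunnel unspecified") policy the answer describes.

```cisco
! Address pool handed to remote-access clients (constructed values)
ip local pool RA_POOL 192.168.200.1-192.168.200.50 mask 255.255.255.0

! 1. Standard ACL naming the protected network the client may reach
!    through the tunnel; everything else stays on the client's local LAN.
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.0.0

! 2. Group policy: tunnelspecified = only SPLIT_TUNNEL networks go over the tunnel.
group-policy RA_POLICY internal
group-policy RA_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!   The inverse: tunnel everything EXCEPT the networks in the list.
!   Only one split-tunnel-policy can be active, so this replaces the
!   pair above rather than adding to it (kept commented for comparison).
! split-tunnel-policy excludespecified
! split-tunnel-network-list value SPLIT_TUNNEL

! 3. Per-user filter from the local database: permit only what this user
!    may do; the implicit deny at the end of the ACL blocks the rest.
!    vpn-filter ACLs are written with the client address as the source
!    and the inside resource as the destination.
access-list USER_FILTER extended permit tcp 192.168.200.0 255.255.255.0 host 10.1.1.10 eq 3389
access-list USER_FILTER extended permit tcp 192.168.200.0 255.255.255.0 host 10.1.1.20 eq 443
username jdoe password PLACEHOLDER_PASSWORD
username jdoe attributes
 vpn-filter value USER_FILTER

! 4. Bind the pool and group policy to the remote-access tunnel group.
tunnel-group RA_GROUP type ipsec-ra
tunnel-group RA_GROUP general-attributes
 address-pool RA_POOL
 default-group-policy RA_POLICY

! 5. Alternative restriction: stop decrypted VPN traffic from bypassing the
!    interface ACL, then permit only the client pool to the allowed network.
!    If the outside interface already has an access-group, add the permit
!    line to that ACL instead of binding a second one.
no sysopt connection permit-ipsec
access-list OUTSIDE_IN extended permit ip 192.168.200.0 255.255.255.0 10.1.0.0 255.255.0.0
access-group OUTSIDE_IN in interface outside
```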
