Can't get to Internet when VPN client 3.5 is active????

jpoulos · ‎06-27-2002

I installed VPN client 3.5 on my WIN 98 SE laptop. I can access my corporate network, but I can't get to the internet at all when the VPN is active. Any ideas. Thanks for the help in advance.( THe pix is running 6.1(2))

Jpoulos

paqiu · ‎06-27-2002

I think you must run in "tunnal all" mode.

In the PIX, there is a command to enable "split tunnel", from the split tunnel access-list, you can control which traffic will be encrypted and which traffic will go to internet.

Here is the sample config:

http://www.cisco.com/warp/customer/110/pix3000.html

Check the command:

" vpngroup vpn3000 split-tunnel 101"

"access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0 "

Best Regards,

jpoulos · ‎06-28-2002

That was it. It worked perfectly. My next problem is that I need to send all traffic going to a single ip address out my dmz and through a 3rd party VPN device. We have a company hosting one of our databases. So I need to VPN in to the secure network then out through the dmz to this one server. What command do I need to use to do this. Let me know if I need to clarify anything. Thanks for your help, it is greatly appreciated.

Jpoulos

paqiu · ‎06-29-2002

Two things you need to do this:

1 nat (dmz) 0 access-list

Assume that your server in 192.168.100.0 255.255.255.0 netowrk.

Make sure you add that network into your no nat access-list.

This one to bypass NAT for the VPN traffic to the DMZ interface.

2 Make sure there is a return routes from the server end.

If your VPN client ip address pool is 192.168.1.1 to 254, DMZ interface ip address is 192.168.100.1

Make sure from the server, you have something like this:

ip route 192.168.1.0 255.255.255.0 192.168.100.1