Help with PIX515 and VPN web traffic not going through PIX for security

Unanswered Question
Feb 28th, 2003
Hello.


I am terminating client sessions at my 515 PIX. The problem I am running into is that when the clients establish a session, they are not using the PIX to route all traffic. For instance, when they go to yahoo they are using their ISP default gateway, and I want it to go through the PIX. Can anyone help me here? I have tried the enable local LAN option in the pcf file, but to no avail.



Thanks


David

donewald Fri, 02/28/2003 - 17:47

David,


The best way to do this is with your routing and other network equipment, to make your PIX the only route out of your network. If most users are given a choice not to go through a FW, most would not. Force the web traffic through your firewall with your routers, either via PBR (Policy Based Routing), a default route pointing to the inside interface of the PIX, etc.


Hope this helps you,

Don

dedube23 Mon, 03/03/2003 - 12:58

Thanks for responding to my message,



I am using IPSEC with the Cisco VPN client on home machines. I was trying to get all traffic, when the person was connected, to go through the PIX instead of split-tunneling, so that it would be a secure link, but I have found somewhere that you cannot do this with the PIX Firewall. I am doing this with a 3005 concentrator. Unless some have heard something to the contrary, I am going to give up on this one.
