
User connected to the PIX using the Cisco VPN Client 3.x or later cannot get to the Internet


Wed, 07/22/2009 - 19:31
Jun 22nd, 2009

Core issue


The PIX will not redirect traffic back out the same interface it came in on.


Resolution


To have Internet access while connected to the PIX with the VPN Client, you must enable split-tunneling.


  1. Enable split-tunneling on the vpngroup in the PIX.

  2. Create an access list that permits traffic from the PIX internal subnets to the pool of addresses used by the vpngroup, and then point the split-tunneling to that access list.

See the following partial PIX configuration.



ip address inside 192.168.0.0 255.255.255.0

ip local pool vpnpool 172.16.1.1-172.16.1.254

access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0

vpngroup CLIENTVPN split-tunnel WEB
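
A consistency check for the configuration above, added here as an example (not Cisco code). The function name check_split_tunnel is hypothetical, and the parser only handles the four command forms shown in the partial configuration, which is embedded as constructed sample input.

```python
import ipaddress

# Constructed sample: the partial PIX configuration from this document.
SAMPLE = """\
ip address inside 192.168.0.0 255.255.255.0
ip local pool vpnpool 172.16.1.1-172.16.1.254
access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0
vpngroup CLIENTVPN split-tunnel WEB
"""

def check_split_tunnel(config):
    """Return a list of problems in the split-tunnel setup (empty list = consistent)."""
    inside, pools, acls, groups = None, {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "address", "inside"] and len(t) == 5:
            inside = ipaddress.ip_network(f"{t[3]}/{t[4]}", strict=False)
        elif t[:3] == ["ip", "local", "pool"] and len(t) == 5:
            first, _, last = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
        elif t[:1] == ["access-list"] and len(t) == 8 and t[2:4] == ["permit", "ip"]:
            # Only the "network mask network mask" form used above is parsed.
            src = ipaddress.ip_network(f"{t[4]}/{t[5]}", strict=False)
            dst = ipaddress.ip_network(f"{t[6]}/{t[7]}", strict=False)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["vpngroup"] and len(t) == 4 and t[2] == "split-tunnel":
            groups[t[1]] = t[3]

    problems = []
    if not groups:
        problems.append("no vpngroup has split-tunnel enabled")
    for group, acl in groups.items():
        if acl not in acls:
            problems.append(f"{group}: split-tunnel ACL {acl} is not defined")
            continue
        for src, dst in acls[acl]:
            # Source must be an internal subnet; destination must hold the whole pool.
            if inside is not None and not src.subnet_of(inside):
                problems.append(f"{group}: ACL source {src} is not inside {inside}")
            if not any(a in dst and b in dst for a, b in pools.values()):
                problems.append(f"{group}: ACL destination {dst} does not cover any VPN pool")
    return problems

if __name__ == "__main__":
    print(check_split_tunnel(SAMPLE) or "split-tunnel configuration is consistent")
```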
