Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
644
Views
0
Helpful
0
Comments

User connected to the PIX using the Cisco VPN Client 3.x or later cannot get to the Internet

TCC_2
Level 10
Level 10

‎06-22-2009 03:33 PM - edited ‎03-08-2019 06:08 PM

Core issue

The PIX will not redirect traffic back out the same interface it came in on.

Resolution

To have Internet access while connected to the PIX with the VPN Client, you must enable split-tunneling.

  1. Enable split-tunneling on the vpngroup in the PIX.

2.   Create an access list that defines the PIX internal subnets to the pool of addresses used by the vpngroup, and then point the split-tunneling to that access list.

See the following partial PIX configuration.

ip address inside 192.168.0.0 255.255.255.0
ip local pool vpnpool 172.16.1.1-172.16.1.254
access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0
vpngroup CLIENTVPN split-tunnel WEB
Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents