PIX No Internet through VPN

ohnnyj
Level 1

Hello all:

This is probably a dumb question but I am still a Cisco noob so please bear with me.

When clients connect remotely through VPN how does one configure their PIX to allow them to still use the Internet while connected?

Thanks,

John

dougz
Level 1

John,

You have to configure split-tunneling for client Internet access.

In the group policy for the remote access group, it resembles the following:

split-tunnel-policy tunnelspecified

split-tunnel-network-list value mygroup_splitTunnelAcl

I normally configure this using the GUI wizard because I think it's easier. In that case, when you select your protected networks there is a box at the bottom of the window for split tunneling. Check it to enable this functionality.

Hope this helps.

Doug.
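
Added example, not part of the original thread and not Cisco's own code: a small Python audit for the group-policy form shown in the reply above. It assumes PIX/ASA 7.x configuration syntax with standard ACLs; the sample config, group names and addresses are constructed. It reports which networks each group sends through the tunnel and flags a split-tunnel list that is undefined or permits `any`.

```python
import re
from ipaddress import ip_network

# Constructed sample in PIX/ASA 7.x syntax; names and addresses are made up.
SAMPLE_CONFIG = """\
access-list mygroup_splitTunnelAcl standard permit 10.1.1.0 255.255.255.0
access-list wide_splitTunnelAcl standard permit any
group-policy mygroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value mygroup_splitTunnelAcl
group-policy wide attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value wide_splitTunnelAcl
group-policy orphan attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missing_acl
"""

def parse_acls(text):
    """Map standard ACL name -> permitted networks ('any' is kept as a string)."""
    acls = {}
    for name, spec in re.findall(r"^access-list (\S+) standard permit (.+)$", text, re.M):
        parts = spec.split()
        net = "any" if parts[0] == "any" else str(
            ip_network(parts[1] if parts[0] == "host" else f"{parts[0]}/{parts[1]}", strict=False))
        acls.setdefault(name, []).append(net)
    return acls

def audit_split_tunnel(text):
    """Return {group: {'policy', 'acl', 'networks', 'findings'}} per group-policy."""
    acls, report, cur = parse_acls(text), {}, None
    for line in text.splitlines():
        if m := re.match(r"group-policy (\S+) attributes", line):
            cur = report.setdefault(m.group(1), {"policy": "tunnelall", "acl": None})
        elif not line.startswith(" "):
            cur = None  # left the indented attributes block
        elif cur is not None and (m := re.match(r" +split-tunnel-policy (\S+)", line)):
            cur["policy"] = m.group(1)
        elif cur is not None and (m := re.match(r" +split-tunnel-network-list value (\S+)", line)):
            cur["acl"] = m.group(1)
    for entry in report.values():
        nets = acls.get(entry["acl"])
        entry["networks"], entry["findings"] = nets or [], []
        if entry["policy"] == "tunnelspecified" and nets is None:
            entry["findings"].append("split-tunnel ACL missing or undefined")
        elif entry["policy"] == "tunnelspecified" and "any" in nets:
            entry["findings"].append("split-tunnel ACL permits any")
    return report
```

Calling `audit_split_tunnel()` on a saved running-config returns one entry per group-policy; a group with no split-tunnel lines is reported with the `tunnelall` policy.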

I haven't accessed the GUI wizard in a while. Are you talking about the PDM software? If so, do you connect by using the IP address of the PIX?

Thanks.

I guess I didn't ask about which code version you are running - but it probably doesn't matter much.

Yes, the PDM software is for PIX OS 6.0 - 6.3 (roughly - I was a CLI user until fairly recently).

The ASDM software is for PIX/ASA OS 7.0 or greater.

PIX 6.3 - 6.0 => https://

PIX 7.0 or greater => https:// or use the ASDM application.

Yeah, I'm using PDM 6.3 and can't seem to find the box you were referring to. I currently have a PPTP group and the outside interface enabled for PPTP connections. I can't find the setting for split-tunneling. Am I looking in the wrong place?

Thanks.

I thought you were doing IPSec tunnels. With PPTP, I am not sure how to do that.

I don't know how feasible it would be to consider IPSec tunnels - you would have to distribute the VPN client (according to the license agreement) - but the VPN Wizard makes it pretty easy to set up.

Doug.

Is IPSec better than PPTP? And is there more information on how to properly set this up?

Sorry for asking so many questions.

PPTP is an older protocol. It's been a good 5-7 years since I've used it. Cisco still supports it but they would probably encourage you to use IPSec if possible.

IPSec is the current standard.

You may want to take a look at the following modules even though they are for the ASA:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

In the training, there is a module for the Easy VPN connection setup.

Give that a try.

Doug.

Great. Thank you very much for all your help!

- John
