12-26-2006 03:52 PM - edited 03-11-2019 02:12 AM
Hello all:
This is probably a dumb question but I am still a Cisco noob so please bear with me.
When clients connect remotely through VPN how does one configure their PIX to allow them to still use the Internet while connected?
Thanks,
John
12-26-2006 04:46 PM
John,
You have to configure split-tunneling for client Internet access.
In the group policy for the remote access group, it resembles the following:
split-tunnel-policy tunnelspecified
split-tunnel-network-list value mygroup_splitTunnelAcl
I normally configure this using the GUI wizard because I think it's easier. In that case, when you select your protected networks there is a box at the bottom of the window for split tunneling. Check it to enable this functionality.
Hope this helps.
Doug.
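Added example, not part of the original posts: a small Python check that reads a PIX/ASA 7.x-style configuration and reports, per group policy, whether split tunneling is in effect and which networks go through the VPN. The sample configuration, group names other than `mygroup`, and all addresses are constructed; the script assumes a group policy with no `split-tunnel-policy` line tunnels everything (`tunnelall`).

```python
import ipaddress
import re

# Constructed sample in PIX/ASA 7.x syntax; names and addresses are illustrative.
SAMPLE_CONFIG = """\
access-list mygroup_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
access-list mygroup_splitTunnelAcl standard permit host 192.168.20.5
group-policy mygroup internal
group-policy mygroup attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value mygroup_splitTunnelAcl
group-policy fulltunnel attributes
 dns-server value 192.168.10.53
group-policy broken attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missingAcl
"""

ACL_RE = re.compile(r"^access-list (\S+) standard permit (?:host (\S+)|(\S+) (\S+))$")

def audit_split_tunnel(config):
    """Return {group: (policy, [tunneled networks], internet_goes_direct)}."""
    acls, groups, current = {}, {}, None
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m:
            name, host, net, mask = m.groups()
            cidr = f"{host}/32" if host else f"{net}/{mask}"
            acls.setdefault(name, []).append(str(ipaddress.ip_network(cidr)))
        elif line.startswith("group-policy ") and line.rstrip().endswith(" attributes"):
            current = line.split()[1]
            # Assumption: without an explicit policy, all client traffic is tunneled.
            groups[current] = {"policy": "tunnelall", "acl": None}
        elif line.startswith(" ") and current:
            words = line.split()
            if words[:1] == ["split-tunnel-policy"] and len(words) == 2:
                groups[current]["policy"] = words[1]
            elif words[:2] == ["split-tunnel-network-list", "value"] and len(words) == 3:
                groups[current]["acl"] = words[2]
        else:
            current = None  # left the group-policy sub-mode
    report = {}
    for name, g in groups.items():
        nets = acls.get(g["acl"], [])
        # Internet traffic bypasses the VPN only when the policy is
        # tunnelspecified and the referenced ACL is actually defined.
        direct = g["policy"] == "tunnelspecified" and bool(nets)
        report[name] = (g["policy"], nets, direct)
    return report
```

The `broken` group shows a case worth catching in review: the policy is set, but the ACL it names is not defined in the configuration.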
12-26-2006 05:35 PM
I haven't accessed the GUI wizard in a while. Are you talking about the PDM software? If so, do you connect by using the IP address of the PIX?
Thanks.
12-26-2006 05:53 PM
I guess I didn't ask about which code version you are running - but it probably doesn't matter much.
Yes, the PDM software is for PIX OS 6.0 - 6.3 (roughly - I was a CLI user until fairly recently)
The ASDM software is for PIX/ASA OS 7.0 or greater.
PIX 6.3 - 6.0 => https://
PIX 7.0 or greater => https://
12-26-2006 06:08 PM
Yeah, I'm using PDM 6.3 and can't seem to find the box you were referring to. I currently have a pptp group and the outside interface enabled for pptp connections. I can't find the setting for split-tunneling. Am I looking in the wrong place?
Thanks.
12-26-2006 06:15 PM
I thought you were doing IPSec tunnels. With PPTP, I am not sure how to do that.
I don't know how feasible it would be to consider IPSec tunnels - you would have to distribute the VPN client (according to the license agreement) - but the VPN Wizard makes it pretty easy to set up.
Doug.
12-26-2006 06:19 PM
Is IPSec better than PPTP? And is there more information on how to properly set this up?
Sorry for asking so many questions.
12-26-2006 06:26 PM
PPTP is an older protocol. It's been a good 5-7 years since I've used it. Cisco still supports it but they would probably encourage you to use IPSec if possible.
IPSec is the current standard.
You may want to take a look at the following modules even though they are for the ASA:
http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html
In the training, there is a module for the Easy VPN connection setup.
Give that a try.
Doug.
12-26-2006 06:44 PM
Great. Thank you very much for all your help!
- John