Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

PIX No Internet through VPN

Hello all:

This is probably a dumb question but I am still a Cisco noob so please bear with me.

When clients connect remotely through VPN how does one configure their PIX to allow them to still use the Internet while connected?

Thanks,

John

8 REPLIES
New Member

Re: PIX No Internet through VPN

John,

You have to configure split-tunneling for client Internet access.

In the group policy for the remote access group, it resembles the following:

split-tunnel-policy tunnelspecified

split-tunnel-network-list value mygroup_splitTunnelAcl

I normally configure this using the GUI wizard because I think its easier. In that case, when you select your protected networks there is a box at the bottom of the window for split tunneling. Check it to enable this functionality.

Hope this helps.

Doug.

New Member

Re: PIX No Internet through VPN

I haven't accessed the GUI wizard in a while. Are you talking about the PDM software? If so, do you connect by using the ip address of the pix?

Thanks.

New Member

Re: PIX No Internet through VPN

I guess I didn't ask about which code version you are running - but it probably doesn't matter much.

Yes, the PDM software is for PIX OS 6.0 - 6.3 (roughly - I was a CLI user until fairly recently)

The ASDM software is for PIX/ASA OS 7.0 or greater.

PIX 6.3 - 6.0 => https://

PIX 7.0 or greater => https:// or use the ASDM application.

New Member

Re: PIX No Internet through VPN

Yeah, I'm using PDM 6.3 and can't seem to find the box you were referring to. I currently have a pptp group and the outside interface enabled for pptp connections. I can't find the setting for split-tunneling. Am I looking in the wrong place?

Thanks.

New Member

Re: PIX No Internet through VPN

I thought you were doing IPSec tunnels. With PPTP, I am not sure how to do that.

I don't know how feasible it would be to consider IPSec tunnels - you would have to distribute the VPN client (according to the license agreement) - but the VPN Wizard makes it pretty easy to set up.

Doug.

New Member

Re: PIX No Internet through VPN

Is IPSec better than PPTP? And is there more information on how to properly set this up?

Sorry for asking so many questions.

New Member

Re: PIX No Internet through VPN

PPTP is an older protocol. Its been a good 5-7 years since I've used it. Cisco still supports it but they would probably encourage you to use IPSec if possible.

IPSec is the current standard.

You may want to take a look at the following modules even though they are for the ASA:

http://www.cisco.com/web/learning/le31/le29/configuring_asa_pix_security_appliances.html

In the training, there is a module for the Easy VPN connection setup.

Give that a try.

Doug.

New Member

Re: PIX No Internet through VPN

Great. Thank you very much for all you help!

- John

175
Views
0
Helpful
8
Replies
CreatePlease to create content