Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Attached VPN clnt: route to Outside Int?

I think the answer to this will be, "It's supposed to work that way..." but here goes:

I've got a PPTP VPN server set up on my PIX, authenticating to RADIUS. Everything works fine, the attached client dials in, and can see everything on "Inside", "DMZ1" and "DMZ2". However, DNS will resolve public hosts, but the client can't get to them (ie. route back out thru the Outside interface). I need for this to function, so if someone gets email with a link to a public website, it will route properly, and the site wil come up.

Client is using the built-in VPN client supplied with Win2K

PS: Couldn't immediatly find a link to download the Cisco EZ-VPN client, I bet you can tell this client what networks you want to go thru the tunnel, versus sucking all traffic (0.0.0.0) into the tunnel..

--alex

1 REPLY

Re: Attached VPN clnt: route to Outside Int?

Alex,

It's supposed to work that way ;)

Yeah, unfortunately, PPTP has no mechanism for split tunnelling and the PIX will not re-direct packets out the same interface where they were received. So, you are kinda hosed in this setup. The IPSec client (as you mentioned) can do split tunnelling. And as a matter of fact, moving to this kind of client connection will be a good idea as we move forward with PIX code. You can download the IPSec client here - http://www.cisco.com/cgi-bin/tablebuild.pl/vpnclient-3des

And here is a sample config for setting up the PIX for PPTP and IPSec clients - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a0080093f89.shtml

Good luck.

Scott

103
Views
0
Helpful
1
Replies
CreatePlease login to create content