Windows network <-> PIX 501 <-> cable modem <-> internet <-> vpn client.
I have set up split tunneling so my vpn user can browse the net whilst connected. That portion is working fine. However, the only host on the inside of the pix that the vpn can access is the machine that happens to be all-in-one radius server/wins server/dns server. I can access that system's file shares, but not any other box. The inside interface uses 192.168.0.0. The vpn client ip pool is 10.1.1.0.
I am not able to ping anyone except the above mentioned box.
>>just wondering if the default gateway for all windows network hosts is the pix501 inside interface.
Actually, no. Some of the inside hosts use a second pix501. I am not sure how/why it works the way it does, but it does. For what it's worth, before I tried enabling split-tunnelling, I had everyone, including the vpnclient ip pool, on the 192.168.0.0 network. That worked, except split-tunnelling didn't.
Attached is my config. I hope I am not exposing my privates.