Cisco Support Community
Community Member

Cisco VPN Client 3.1 + Cisco PIX 6.2

We have some users using the vpn clients from outside of the office.

The vpn is working fine, but when the user try to access to internet is not possible. Only work to the LAN inside of the PIX.

It's not a DNS problems, because i can not ping to any site in the internet.


Roberto Arriagada

Community Member

Re: Cisco VPN Client 3.1 + Cisco PIX 6.2

They wont be able to access the internet through the pix vpn, practically, when the client connection is up unless you do split tunneling. What you will need to do in order for them to do this is set up a access-list to say what networks they will have access to through the vpn tunnel. That way everything else will be allowed to go through there isp. Something like this.

Access-list 100 permit ip

vpngroup cisco split-tunnel 100

Where 192.x.x.x is your inside network and the 10.x.x.x is your pool for your vpn clients.

Now this isnt really recommend as its a security issue. What this will do will allow someone on the internet to say, pc anywhere to your vpn client and then access your internal network through the vpn tunnel. Several acceptable ways to prevent this is to verify that the client has some type of firewall on the pc. There is a built in firewall, umm would have to check to see if available with 3.1, think so, but definitely available with 3.5 +. But no way to verify that they actually have it turned on when going to the pix. With a 3000 you can force them to have it on or they can't connect. So, check to see whats right for you.

Kurtis Durrett

Community Member

Re: Cisco VPN Client 3.1 + Cisco PIX 6.2

Now it's working.

Thank you.

CreatePlease to create content