Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco VPN client, PIX and proxy

Hi.I have the following problem in my company. We have users that are going through a proxy server located on the DMZ side of a PIX to the internet(allowed through the DMZ ACL to the outside etc.).That works great.

The problem arises when they use a Cisco VPN client to connect to another company and they cannot access the Internet anymore but can work over VPN on a remote site(Cisco client has been allowed through the PIX). Everything returns to normal when they don't use the VPN client anymore.

Any ideas why this would happen?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Cisco VPN client, PIX and proxy

Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.

Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.

Check the local pc routing table will also help you troubleshoot this issue.

3 REPLIES

Re: Cisco VPN client, PIX and proxy

I have an idea. The default behaviour of the Cisco VPN Client is to tunnel everything to the remote site. If your users only want to tunnel some traffic and access your own network at the same time, they would have to configure split-tunneling at the remote vpn site. Not all companies allow that though, you have to find out.

New Member

Re: Cisco VPN client, PIX and proxy

And one more thing that I just noticed is that if you disable the proxy in the Internet browser you can browse the Internet and do the work over VPN.Did on my PC though as few of us can access the Internet without the use of a proxy.

Don't know if it's connected to the split tunnel story though.

Re: Cisco VPN client, PIX and proxy

Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.

Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.

Check the local pc routing table will also help you troubleshoot this issue.

286
Views
0
Helpful
3
Replies
CreatePlease to create content