Help with PIX515 and vpn web traffice not going through PIX for security

dedube23 · ‎02-28-2003

Hello.

I am terminating client sessions at my 515 Pix the problem I am running into is that when the clients establish a session they are not using the pix to route all traffice. For instance they go to yahoo they are using there ISP default gateway and I want it to go through the PIX can anyone help me here. I ahve tried the enable local lan option on the pcf file but to no avail.

Thanks

David

donewald · ‎02-28-2003

David,

The best way to do this is with your routing and other network equipment to make your PIX the only route out of your network. If most users are given a choice not to go through a FW most would not. Force the web traffic through your firewall with your routers. either via PBR (Policy Based Routing, default route pointing to inside interface of PIX, etc).

Hope this helps you,

Don

dedube23 · ‎03-03-2003

Thanks for responding to my message,

I am using IPSEC with the CIsco VPN client on home machines. I was trying to get all traffice when the person was connected to go throught the Pix instead of Split-Tunneling. SO that it would be a secure link but I have fond somewhere that you can not do this with the Pix Firewall. I am doing this with a 3005 conventrator. Unless some have heard something to the contrary I am going to give up on this one.