
Internet Access through IPSec VPN to PIX Without Split Tunneling

matt
Level 1

Is it possible to configure a PIX 501 to allow internet access for a Cisco VPN Client 4.8 without split tunneling?

The idea would be to have all traffic traverse the tunnel, be routed out the local WAN link on the PIX and then have the reply be forwarded back to the client over the IPSec tunnel.

Thanks.


Kamal Malhotra
Cisco Employee

Hi,

No. The only other possibility is to have a proxy server behind the PIX to allow the internet access. The PIX will not route back out the same WAN interface.

HTH,

Kamal

Thanks for the replies. This is what I feared... I was aware of the interface traversal restrictions but wasn't sure how that worked with the packet getting decrypted onto the inside interface.

I didn't think of the Proxy though... and appreciate the feedback! Thanks again.

BTW: Is there a reference that you are aware of for the 7.x code for this functionality?

kaachary
Cisco Employee

Hi Matt,

Here's the config example for 7.x:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Please rate the post if it helped.

-Kanishka

Very interesting link guys!

Really helped me out!

kaachary
Cisco Employee

Hi,

PIX ver 6.x doesn't support traffic redirection on any of its interfaces. The capability was introduced in PIX 7.0 code. The minimum HW requirement to load 7.0 code is to have a PIX 515E.

HTH,

-Kanishka