Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT DESIGN small ISSUE

Hi ,

I have a PIX 515 and i have managed to set up a vpn with win2k over l2tp and ipsec .My Inside network say has the ip range of 10.200.1.x and the addresses given to vpn client are 10.200.25.xx .How can I allow the 10.208.25.xx clients to get access to the internet as if they were sitting in the office and working through the secure tunnel establish .

Thanks

Raj

2 REPLIES
New Member

Re: NAT DESIGN small ISSUE

Hi

AFAIK the pix only has a rudimentary routing capablitity, and does not allow the routing of a packet out of the same interface that it came in on. For this reason, you would also be unable to, say, contact the network on the other side of a pix-pix vpn tunnel when you vpn into one of those two pixes.

You could get around this if you have a proxy server on your internal network you can point your remote browsers at.

New Member

Re: NAT DESIGN small ISSUE

I don't think that this is quite what you're asking, but another option is to use a split-tunnel for this connection. This would allow you to have users connect to the inside and still surf the Internet.

87
Views
0
Helpful
2
Replies
CreatePlease login to create content