Cisco Support Community

New Member

need to force vpn users to go through firewall to get to internet???

I need to force my VPN users to go back through the PIX and then out the PIX's internet connection. I have a company hosting a server for me that you can only get to if you are inside our firewall. When my VPN users try to go to the site they can't get there because they aren't going to it from inside the firewall. The server is using a public IP address, and we use a 10.x.x.x address scheme inside. Thanks for the help in advance.

Jpoulos

2 REPLIES
Cisco Employee

Re: need to force vpn users to go through firewall to get to int

Hi,

The following can be done in this case.

Make sure that all traffic comes through the VPN tunnel and you do not do any split tunneling. Then the IP address assigned to the clients should be from the same range as the Inside Network on the Firewall. Once that is accomplished and the VPN is terminated on an interface which allows for the PIX to not have to bounce the packets off the same interface, this will work without much problem.

Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-=-

New Member

Re: need to force vpn users to go through firewall to get to int

I tried this and it didn't work. When I disable the split tunneling, I can't get to the internet at all, and I can't get to the site I need to get to through my DMZ interface. I checked the xlate table and I don't see any NAT happening going to the DMZ. Thanks in advance.

JPoulos
