Cisco Support Community
Community Member

Pix 506E-Multiple Subnets-OpenVPN-Split Tunnel?

Hi folks,

We are fixing to bring up a site-to-site VPN. I have two 506E's. Corp office is also running OpenVPN. The OpenVPN is used to connect 500 devices. The private subnet the OpenVPN uses is, which is separate from the private subnet they are using for the servers and workstations. Now a branch office needs to be brought up. The OpenVPN solution needs to be moved to the branch office, with 12 users that will be separate from the OpenVPN subnet. May be in a subnet. I don't want to tunnel the OpenVPN traffic back to the corporate office for it to go back out to the internet to hit the 500 devices. I want the OpenVPN subnet to hit the internet directly from the PIX 506E. Basically, I want traffic to go through the tunnel and the traffic to go directly over the internet. Is this possible? If so, how? If not, what are my options? Also, OpenVPN uses SSL and a CA. All devices have a public IP address in the 166. range, and an internal IP range of 10.8.

Any suggestions would be greatly appreciated!


Re: Pix 506E-Multiple Subnets-OpenVPN-Split Tunnel?

This is allowed by default with the split-tunnel list, as long as there are no filters defined on the VPN group, user ID, or interface that would prohibit the flow of traffic. By default, no filters are defined, so all traffic should pass to the protected network.
