Current behavior (with PIX 6.3) is that none of the remote VPN user clients connecting to the PIX can access the internet, since split tunneling is disabled.
But once the upgrade is completed, the customer requires that a new group of users VPNing into the network be able to go back to the internet.
Therefore, I would like to know if it is feasible to have 2 VPN profiles where, in profile A, the users VPN into the network and are only granted access to the internal LAN (no internet whatsoever), whereas in profile B, the users can access the LAN and access the internet too.
Thanks, but what I am looking for is a way to block internet for some users VPNing from home. So split-tunnel-policy tunnelall helps to redirect all the traffic to the PIX, but how do I block internet traffic then, given that there will be another group of users that will have internet access when VPNing, but accessing the internet from the PIX?
PIX 7.2 will be the version I will work the configuration on.
That's exactly what I answered. Tunnelall does send everything over the tunnel and therefore not to the internet, unless you are doing outside nat like in the post below. The other group can be set up for split tunnel or public internet on a stick (outside nat).
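A sketch of the two profiles discussed in this thread, written for PIX 7.x syntax as an added example that is not from any poster's configuration. All names, address pools, the 192.168.1.0/24 inside LAN and the key placeholders are assumptions, and the rest of the remote-access IPsec setup (ISAKMP policy, dynamic crypto map) is assumed to be in place already.

```cisco
! Added example; every name, pool, subnet and key below is a constructed placeholder.
ip local pool POOL_A 10.10.10.1-10.10.10.50 mask 255.255.255.0
ip local pool POOL_B 10.10.20.1-10.10.20.50 mask 255.255.255.0

! Networks that profile B sends through the tunnel (internal LAN only).
access-list SPLIT_LAN standard permit 192.168.1.0 255.255.255.0

! Keep LAN-to-VPN-client traffic out of NAT for both pools.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 10.10.20.0 255.255.255.0
nat (inside) 0 access-list NONAT

! Profile A: LAN only. tunnelall forces all client traffic into the tunnel.
! Internet-bound packets from POOL_A arrive on outside and have no way back out,
! because there is no "nat (outside)" rule for POOL_A and
! "same-security-traffic permit intra-interface" is not configured.
group-policy GP_A internal
group-policy GP_A attributes
 split-tunnel-policy tunnelall

! Profile B: LAN through the tunnel, internet directly from the client (split tunnel).
group-policy GP_B internal
group-policy GP_B attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_LAN

! One tunnel group per profile; the group a client connects to selects the policy.
tunnel-group PROFILE_A type ipsec-ra
tunnel-group PROFILE_A general-attributes
 address-pool POOL_A
 default-group-policy GP_A
tunnel-group PROFILE_A ipsec-attributes
 pre-shared-key <PLACEHOLDER_KEY_A>

tunnel-group PROFILE_B type ipsec-ra
tunnel-group PROFILE_B general-attributes
 address-pool POOL_B
 default-group-policy GP_B
tunnel-group PROFILE_B ipsec-attributes
 pre-shared-key <PLACEHOLDER_KEY_B>
```

If profile B should instead reach the internet through the PIX (the outside NAT option mentioned in the reply), that requires intra-interface traffic to be permitted and an outside NAT rule scoped to POOL_B only, so that POOL_A stays without an internet path.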