Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Pix vpn hardware client and outside interface.

Is it possible to include the outside interface in the vpngroup tunnel? I have a pix501 as a client that is connecting to a 515. The 501 is connected to a broadband connection and its IP address is assigned by dhcp.

I would like to setup url filtering on the 501 to a websense server that is connected via vpn tunnel on the 515.



Cisco Employee

Re: Pix vpn hardware client and outside interface.

If you're running <= v6.2 then a tunnel from the PIX outside interface to the inside network should automatically be created, allowing you to simply add a url-server in with the remote server address.

In 6.3 this changed and the PIX would not automatically create this management tunnel. Add the following to the 501 and it should create the management tunnel:

vpnclient management tunnel

This should then tell the 501 to create a tunnel from its outside interface to the 515 inside subnet, again allowing you to use the url-server remotely.

You can do a "sho cry ipsec sa" to see what subnets/tunnels it has created.

CreatePlease to create content