
Remote VPN Clients and Internet Access

jgulick
Level 1

I apologize in advance if this question has already been addressed. I am currently using a PIX 520 running Firewall Version 6.1(2). I have several remote users who VPN to the PIX. Once the VPN tunnel is initiated, they are no longer able to connect to the Internet from their local machines. Is there a configuration on the PIX that will allow these remote users to have access to the Internet while connected to the PIX?

TIA,

Jeff Gulick

Accepted Solution

shannong
Level 4

The PIX does not allow traffic to enter and exit on the same interface. Therefore, a VPN user cannot access the Internet through the tunnel. If you're using the Cisco client, enable split-tunneling so that all traffic doesn't go across the tunnel.

If you're using PPTP, you can disable the option that makes the remote network the default gateway. However, local routes will need to be added to those clients when they connect.

Or you can use an additional interface on the firewall. One that terminates the VPN tunnels, and another that provides for Internet connectivity. That way the traffic doesn't enter/leave on the same interface.

Of course, it's best if client Internet traffic doesn't go across the tunnel. It wastes your bandwidth and has security concerns as well. I suggest you use the Cisco client and split-tunneling.

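The split-tunneling the accepted answer recommends, shown as a PIX 6.x configuration. This is an added example and is not part of the original thread; the inside network 10.1.1.0/24, the client address pool 10.1.2.0/24, the DNS server 10.1.1.10 and the vpngroup name `remote` are assumptions chosen for illustration, not values from the post.

```cisco
! Added example, not from the original post. Assumed values:
!   inside network 10.1.1.0/24, client pool 10.1.2.1-10.1.2.254,
!   vpngroup name "remote", internal DNS server 10.1.1.10.
!
! --- Before: no split-tunnel list on the vpngroup ---
! The Cisco VPN Client then sends ALL traffic, Internet included, into the
! tunnel. The PIX would have to send it back out the same (outside)
! interface it arrived on, which it does not do, so Internet access breaks.
ip local pool vpnpool 10.1.2.1-10.1.2.254
vpngroup remote address-pool vpnpool
vpngroup remote dns-server 10.1.1.10
vpngroup remote idle-time 1800

! --- After: attach a split-tunnel ACL to the vpngroup ---
! Only traffic to the networks listed here is sent through the tunnel;
! everything else leaves the client's own Internet connection directly.
! Keep the list to the prefixes the clients actually need to reach.
access-list split_tunnel permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
vpngroup remote split-tunnel split_tunnel

! Exempt the tunnelled traffic from NAT and let it bypass the outside ACL.
access-list no_nat permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list no_nat
sysopt connection permit-ipsec
```

To check the result, `show vpngroup` should list `split-tunnel split_tunnel` under the group, and `show access-list split_tunnel` should show the hit count climbing while a client reaches an inside host; on the client, the routing table should now contain only the 10.1.1.0/24 route via the VPN adapter rather than a new default route. Two caveats a practitioner would want: the `vpngroup` syntax only affects the Cisco VPN Client (PPTP clients are handled by the "use default gateway on remote network" option the answer mentions), and with split tunneling the remote machine is on the Internet and on the inside network at the same time, so a client-side firewall and a tight split-tunnel ACL matter.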