03-08-2003 03:06 PM - edited 02-21-2020 12:24 PM
I apologize in advance if this question has already been addressed. I am currently using a PIX 520 running Firewall Version 6.1(2). I have several remote users who VPN to the PIX. Once the VPN tunnel is initiated, they are no longer able to connect to the internet from their local machines. Is there a configuration on the PIX that will allow these remote users to have access to the internet while connected to the PIX?
TIA,
Jeff Gulick
03-08-2003 05:20 PM
The PIX does not allow traffic to enter and exit on the same interface. Therefore, a VPN user cannot access the Internet through the tunnel. If you're using the Cisco client, enable split-tunneling so that all traffic doesn't go across the tunnel.
If you're using PPTP, you can disable the option that makes the remote network the default gateway. However, local routes will need to be added to those clients when they connect.
Or you can use an additional interface on the firewall. One that terminates the VPN tunnels, and another that provides for Internet connectivity. That way the traffic doesn't enter/leave on the same interface.
Of course, it's best if client Internet traffic doesn't go across the tunnel. It wastes your bandwidth and has security concerns as well. I suggest you use the Cisco client and split-tunneling.
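The split-tunneling setup recommended above, shown as an added PIX 6.x configuration example (not taken from the thread or from Cisco documentation). The group name "remoteusers", the LAN 10.1.0.0/16, the client pool 192.168.100.0/24 and the DNS server address are assumptions for illustration.

```cisco
! Split tunneling for the Cisco VPN client on PIX 6.x (example, not from the page).
! Assumed values: 10.1.0.0/16 is the corporate LAN behind "inside",
! 192.168.100.0/24 is the pool handed to VPN clients, "remoteusers" is the vpngroup.

! Only traffic between the corporate LAN and the VPN client pool is tunneled.
! Everything else leaves the client directly via its local Internet link.
access-list split_tunnel permit ip 10.1.0.0 255.255.0.0 192.168.100.0 255.255.255.0

! Addresses assigned to connecting VPN clients.
ip local pool vpnpool 192.168.100.1-192.168.100.254

! Exempt LAN <-> VPN-pool traffic from NAT (the same ACL is reused here).
nat (inside) 0 access-list split_tunnel

! Let decrypted IPsec traffic bypass the outside interface access list.
sysopt connection permit-ipsec

! Group policy pushed to the Cisco VPN client when it connects.
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 10.1.1.10
vpngroup remoteusers split-tunnel split_tunnel
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password <group-preshared-key>
```

After a client connects, its routing table should show only the networks listed in the split-tunnel ACL pointing into the tunnel, with the default route still on the local adapter; the client's Internet traffic is then not inspected by the PIX, which is the trade-off the reply above refers to.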