Sample configuration for a PIX-to-PIX split-tunnel VPN
I currently have two private networks connected together via a VPN tunnel with PIX 501s at both ends.
The remote site (I am at the central office) has a cable connection of their own, but at present they are routing all their data (including web traffic) over the VPN to my location, which then goes out to the internet via our T1.
Because I've already got a 'regular' VPN setup, I was wondering if someone here could please help me with a sample configuration to turn the existing VPN into a 'split-tunnel', whereby any of their traffic NOT destined for 172.16.0.0 goes out through their 66.33.x.x (cable modem) address?
Re: Sample configuration for a PIX-to-PIX split-tunnel VPN
You can solve this by adjusting the NAT configuration and the crypto ACL you are using.
Use NAT 0 with an ACL to not do natting between your sites.
Use NAT 1 and Global 1 to NAT your Remote office traffic to go straight to the internet.
The crypto ACL should in your case only permit IP Addresses on your Central office and the Remote office (as source and destination), and not "any" IP.
As a hint I would use different ACL names or numbers for the NAT-ACL and Crypto-ACL, even though these two ACLs in your case probably would be equal. PDM has problems with "Double-usage" of ACLs....
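The configuration the reply above describes, written out for the remote-office PIX in PIX OS 6.x syntax. This is an added example and was not posted by either participant. The remote LAN 192.168.1.0/24, the /16 mask on 172.16.0.0, the ACL names and the crypto map name `tocentral` with sequence 10 are assumptions; substitute the values from the existing configuration.

```cisco
! Lines starting with "!" are annotations for the reader, not commands to enter.
! Assumed: remote LAN 192.168.1.0/24, central LAN 172.16.0.0/16.

! --- Remote-office PIX 501 ---

! Before (full tunnel): a crypto ACL whose destination is "any" makes every
! packet "interesting", so web traffic is also encrypted and sent to the
! central office.
!   access-list vpn-central permit ip 192.168.1.0 255.255.255.0 any

! After (split tunnel): only remote-LAN to central-LAN traffic is encrypted.
access-list vpn-central permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
crypto map tocentral 10 match address vpn-central

! NAT 0: exempt site-to-site traffic from translation. A separate ACL name
! is used for NAT even though the entry is identical, because PDM has
! trouble with one ACL serving both purposes.
access-list nonat permit ip 192.168.1.0 255.255.255.0 172.16.0.0 255.255.0.0
nat (inside) 0 access-list nonat

! NAT 1 / Global 1: everything else is PAT-translated to the outside
! (cable modem, 66.33.x.x) interface address and leaves locally.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 interface

! Flush existing translations so the new NAT rules take effect.
clear xlate

! --- Central-office PIX ---
! The crypto ACL must mirror the remote side exactly (source and
! destination swapped); an "any" left on this end will stop the
! tunnel from negotiating.
access-list vpn-remote permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
access-list nonat permit ip 172.16.0.0 255.255.0.0 192.168.1.0 255.255.255.0
```

After the change, `show crypto ipsec sa` on the remote PIX should list only the 192.168.1.0/172.16.0.0 pair as the protected identities, and `show xlate` should show internet-bound sessions translated to the outside interface address.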