but it requires two external interfaces on the PIX (something you may not have), and with VPN clients the routing would be a nightmare, you'd have to add specific static routes for the VPN clients subnets, probably unworkable in the long run.
Short answer, no, you can't do it without doing split tunnelling. Keep in mind the VPN client has a built-in firewall in it now that will disallow any external connection from being accepted, negating most of the risks of split tunnelling. You can even have this firewall enabled all the time, even when the tunnel isn't connected, further securing your PC's.
Re: Sending traffic from VPN clients through the PIX to the Inte
Although you can't do this directly you can if you have a proxy server on a dmz. In this case the client makes all it's connections to the proxy and the proxy makes all the internet connections. You don't then have to use split-tunnelling.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...