Cisco Support Community
Community Member

site to site + Internet connection

Hi,

I have a site-to-site PIX connection. Is it possible to allow the remote site a way to the Internet? I mean no Internet connection over the central site. I mean on the remote site.

Thanks for help,

sebastian

3 REPLIES
Bronze

Re: site to site + Internet connection

Hi Sebastian

I am not following you. Are you saying that you don't want the traffic destined for the Internet to go over the tunnel?

If that's the case, make sure that you only include the private subnets in your encryption ACL so that only the private-to-private subnet traffic gets encrypted.

Hope that helps

Jazib
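
The encryption ACL advice in the reply above, sketched as a remote-site PIX configuration fragment. This is an added example, not part of the original thread; the subnets, peer address, ACL name and crypto map name are constructed, and it assumes PIX 6.x-style syntax with the ISAKMP policy and pre-shared key already configured.

```cisco
! Constructed addressing (not from the thread):
!   remote-site LAN   192.168.2.0/24
!   central-site LAN  192.168.1.0/24
!   central-site peer 203.0.113.1

! Encryption ACL: only private-to-private traffic is selected for IPSec.
access-list VPN-CENTRAL permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

! Too broad: an entry like this would send Internet-bound traffic into
! the tunnel as well, so it is left commented out.
! access-list VPN-CENTRAL permit ip 192.168.2.0 255.255.255.0 any

! Traffic matching the encryption ACL bypasses NAT.
nat (inside) 0 access-list VPN-CENTRAL

! Everything else is translated to the outside interface address and
! leaves directly to the Internet from the remote site.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

! The crypto map ties the encryption ACL to the central-site peer.
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map TO-CENTRAL 10 ipsec-isakmp
crypto map TO-CENTRAL 10 match address VPN-CENTRAL
crypto map TO-CENTRAL 10 set peer 203.0.113.1
crypto map TO-CENTRAL 10 set transform-set ESP-3DES-SHA
crypto map TO-CENTRAL interface outside
```

The central-site PIX needs the mirror-image encryption ACL (source and destination swapped) for the tunnel to come up.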

Community Member

Re: site to site + Internet connection

Hi,

OK, if it is possible for a client in the remote network to access the Internet without going over the IPSec tunnel, isn't it a security problem? Maybe there are some old Win9x clients. If a hacker gets onto these devices, there is an easy way to connect to the central site....

sebastian

Bronze

Re: site to site + Internet connection

Hi Sebastian,

Yes, it is possible for the client to access the Internet without going over the IPSec tunnel. Enabling ST could be a security hole. To avoid that, you can also enable the "stateful firewall" option on the client to avoid accepting inbound connections from the client.

Hope that helps

Jazib
