I have a PIX 515e as our firewall. Our PIX Firewall has 6 interfaces and serves as a firewall only. There is a VPN 3005 attached to the Ethernet2 interface of the firewall, serving as the VPN concentrator. The external interface of the VPN 3005 is connected to the Ethernet2 interface of the PIX Firewall and the internal interface of the VPN 3005 is directly connected to our internal LAN. Clients on the outside connect through the PIX to the external interface of the VPN 3005 and get access to the internal LAN. Everything works fine until I enable split tunneling. After enabling split tunneling on the VPN 3005, VPN clients can no longer access the internal LAN. As soon as I disable split tunneling on the VPN 3005, everything is fine. Any idea?
PS. When I use the Cisco VPN Client to connect from a PC on the internal LAN to the inside interface of the VPN 3005 with split tunneling enabled (just for testing purposes), it seems to work fine. It seems like something goes wrong when doing split tunneling through the PIX.
What split tunneling does is allow you to specify which networks you want to pass through the VPN. If the traffic does not match the access lists you define, then it is not allowed through the VPN and is sent to the PC's default gateway, which is more than likely the Internet. The only traffic we can define on the PIX is the traffic we want to go through the VPN tunnel.
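As an added illustration (not code from the original thread or from Cisco), here is a small Python model of the decision the answer above describes: a destination that matches the split-tunnel network list goes into the tunnel, anything else goes to the client's default gateway, and with split tunneling disabled everything is tunneled. The network addresses are hypothetical; `uncovered_networks` is a quick check that the internal networks clients need are actually covered by the split-tunnel list.

```python
import ipaddress

# Constructed, hypothetical split-tunnel network list (what the concentrator would
# push to the client). Use None to model split tunneling being disabled.
SPLIT_TUNNEL_LIST = ["10.1.0.0/16"]


def tunnel_or_gateway(dest_ip, split_list=SPLIT_TUNNEL_LIST):
    """Decide where a packet to dest_ip is sent from the VPN client.

    Returns 'tunnel' if the destination matches the split-tunnel list (or if
    split tunneling is disabled), otherwise 'default-gateway'.
    """
    if split_list is None:  # split tunneling disabled: everything is tunneled
        return "tunnel"
    dest = ipaddress.ip_address(dest_ip)
    for net in split_list:
        if dest in ipaddress.ip_network(net, strict=False):
            return "tunnel"
    return "default-gateway"


def uncovered_networks(required, split_list=SPLIT_TUNNEL_LIST):
    """Return the required internal networks that the split-tunnel list does not
    fully cover; any network listed here is unreachable once split tunneling is on."""
    if split_list is None:
        return []
    covered = [ipaddress.ip_network(n, strict=False) for n in split_list]
    missing = []
    for r in required:
        rnet = ipaddress.ip_network(r, strict=False)
        if not any(rnet.subnet_of(c) for c in covered):
            missing.append(r)
    return missing


if __name__ == "__main__":
    # Constructed sample: the LAN behind the VPN 3005 plus a second internal subnet.
    print(tunnel_or_gateway("10.1.20.5"))      # tunnel
    print(tunnel_or_gateway("203.0.113.10"))   # default-gateway
    print(uncovered_networks(["10.1.0.0/16", "192.168.50.0/24"]))
```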