I have a question about the universal VPN client. I've used the Safenet IRE client in the past to connect to the PIX FW and 1700 series VPN devices. My question is: can you change the address range the universal client encrypts data for? You will notice that it will encrypt data for network 0.0.0.0 mask 0.0.0.0, which is every packet. It has been my experience that you either VPN or surf the Internet, not both at the same time. With the IRE client it is possible to do this; am I missing a menu or setting in the new client?
You're right about the new client, unlike in the IRE client, where you could specify which traffic is to be protected by IPSEC. The new client 3.0 gets this information from the FW. You would create an access-list in the firewall and use the split-tunnel command. See example:
access-list 180 permit ip 126.96.36.199 255.255.255.0 172.25.0.0 255.255.0.0
vpngroup your_vpn_group split-tunnel 180
Now only traffic to the FW will be encrypted. Regular internet traffic won't be encrypted.
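The following Python is an added example, not part of the original thread or of any Cisco tooling: it reads a PIX config fragment, finds the access-list that a vpngroup's split-tunnel line references, and reports whether the client would encrypt traffic to a given destination. The sample config uses constructed documentation-range addresses, the function names are hypothetical, and it assumes the ACL's source field is the protected network behind the firewall.

```python
import ipaddress

# Constructed sample config (documentation-range addresses, not the post's values).
SAMPLE_CONFIG = """\
access-list 180 permit ip 192.0.2.0 255.255.255.0 172.25.0.0 255.255.0.0
access-list 180 permit ip 198.51.100.0 255.255.255.128 172.25.0.0 255.255.0.0
access-list 190 permit ip 203.0.113.0 255.255.255.0 172.25.0.0 255.255.0.0
vpngroup your_vpn_group split-tunnel 180
"""


def split_tunnel_networks(config, group):
    """Return the networks the client encrypts for `group`.

    An empty list means the group has no split-tunnel line, which is the
    0.0.0.0 / 0.0.0.0 "encrypt every packet" behaviour from the question.
    """
    acl_id = None
    acls = {}
    for line in config.splitlines():
        tok = line.split()
        if (tok[:1] == ["vpngroup"] and len(tok) == 4
                and tok[1] == group and tok[2] == "split-tunnel"):
            acl_id = tok[3]
        elif (tok[:1] == ["access-list"] and len(tok) == 8
                and tok[2:4] == ["permit", "ip"]):
            # Assumption: source field = network behind the firewall,
            # destination field = addresses handed to VPN clients.
            # strict=False tolerates an address with host bits set.
            net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            acls.setdefault(tok[1], []).append(net)
    return acls.get(acl_id, [])


def is_encrypted(dest, networks):
    """True if traffic from the client to `dest` goes through the tunnel."""
    if not networks:
        return True  # no split tunnel: everything is encrypted
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = split_tunnel_networks(SAMPLE_CONFIG, "your_vpn_group")
    for dest in ("192.0.2.10", "198.51.100.200", "203.0.113.5"):
        print(dest, "tunnel" if is_encrypted(dest, nets) else "clear")
```

Running the same check against each vpngroup in a saved config shows which groups still tunnel everything and which destinations leave the client unencrypted.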