Re: vpn 3000 client

bma · ‎12-11-2001

Hi

I use vpn 3000 2.5B cisco vpn client from DSL route to PIX. When vpn connection, I can get in inside network, but internet is fail with DSL line.

when close vpn connection, internet is fine with DSL line. I did some testing, when vpn connection, cannot ping any DSL route ip address, when vpn disconneciton, ping DSL route ip address is fine.

any idea, please help. thanks

ben

jscinocca · ‎12-11-2001

Upgrade to windows 2000

Phillip Remaker · ‎12-11-2001

What you are asking for is a "split tunnel." That is, you want traffic for your company to go along the VPN link, and traffic for the internet to go locally. By default, you will send ALL traffic over the VPN link, so internet bound traffic will go to the VPN concentrator and then out from there... so depending on yoru addressing at the concentrator (RFC1918?) and corporate firewall policies, internet traffic may be blocked.

Please refer to the Cisco 3000 FAQ at http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml

Specifically, http://www.cisco.com/warp/public/471/vpn_3000_faq.shtml#Q25

bma · ‎12-12-2001

Thanks, after split tunnel, it's working.

mdahl · ‎12-13-2001

Just a note. Split-tunneling is a huge security risk, as it allows back doors into your network from the public Internet.

kermanis · ‎12-31-2001

Most companies provide a proxy server that you can go through to access the internet as if you were accessing the internet from work directly (providing your company has dedicated internet access) You would specify this in your browser settings.

-Saadi

travis-dennis_2 · ‎01-01-2002

True. The other option is for your company to allow split-tunneling but for security reasons that is not advisable. Just find out waht the default gateway is on the LAN and plug that into your TCP/IP settings