Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

VPN CLIENT 3.0 AND PIX 515

I using this configuration, cant establish VPN tunnel trough to ISP, but is not possible out to internet

2 REPLIES
Cisco Employee

Re: VPN CLIENT 3.0 AND PIX 515

This is expected if you don't configure split-tunnel option of vpngroup command. see:

from:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/ipsec/commands.htm#xtocid185914

Use the vpngroup split-tunnel command to enable split tunneling on the PIX Firewall. Split tunneling allows a remote VPN client simultaneous encrypted access to

the corporate network and clear access to the Internet. Using the vpngroup split-tunnel command, specify the access-list name to which to associate the split

tunnelling of traffic. With split tunnelling enabled, the PIX Firewall downloads its local network IP address and netmask specified within the associated access-list to

the VPN client as part of the policy push to the client. In turn, the VPN client sends the traffic destined to the specified local PIX Firewall network via an IPSec

tunnel and all other traffic in the clear. The PIX Firewall receives the IPSec-protected packet on its outside interface, decrypts it, and then sends it to its specified

local network.

for a sample config, pls. see:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_60/ipsec/exvpncl.htm#xtocid281795

hope this helps,

Vijay

New Member

Re: VPN CLIENT 3.0 AND PIX 515

Thanks by responding, exactly with its informacion solve the problem.

best regards.

85
Views
0
Helpful
2
Replies
CreatePlease to create content