Cisco Support Community

VPN client 3.5 encryption

Hi,

I am using a Cisco VPN client 3.5 to connect to a Pix (running 6.1) with xauth through the Internet, that is, the client connects from anywhere and it is receiving an IP address from the ISP it is connecting to. I can access any web site on the Internet. Then when I start the VPN client, I received another IP address from the pool I have created on the Pix, and I can access all the resources on the internal network, BUT I can no longer access anything on the Internet. It seems like the client is encrypting all the traffic using the IP address that I received from the Pix (VPN server) not the IP address that the ISP gave me.

Is there a way to say "only encrypt this traffic" to the client?

How can I resolve this? Any suggestions?

TIA

Alex

1 REPLY

Re: VPN client 3.5 encryption

Hi Alex

You need to enable "Split Tunnelling" on your PIX - this tells the client only to encrypt data to an access that you create:

vpngroup vpnclient address-pool vpnpool

vpngroup vpnclient split-tunnel 101

vpngroup vpnclient idle-time 1800

vpngroup vpnclient password ********

access-list 101 permit ip 193.36.8.0 255.255.255.0 192.168.255.0 255.255.255.0

The above will ensure that the VPN Clients only encrypt traffic to the 193.36.8.0 network.

Regards, Barry

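An added example, not part of the thread or of any Cisco tooling: a small Python model of the client's forwarding decision under the configuration in the reply, showing which destinations are encrypted once `split-tunnel 101` is set and that everything is tunneled when that line is absent. The function names and the two test destination addresses are assumptions made for illustration.

```python
import ipaddress

# Configuration lines quoted from the reply above.
PIX_CONFIG = """\
vpngroup vpnclient address-pool vpnpool
vpngroup vpnclient split-tunnel 101
vpngroup vpnclient idle-time 1800
vpngroup vpnclient password ********
access-list 101 permit ip 193.36.8.0 255.255.255.0 192.168.255.0 255.255.255.0
"""

def parse_vpngroups(config):
    """Map each vpngroup to the networks its clients encrypt traffic to.

    None means the group has no split-tunnel line, so all traffic is tunneled.
    Only 'permit ip <net> <mask> <net> <mask>' ACL entries are modeled.
    """
    acls, groups = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 8 and tok[0] == "access-list" and tok[2:4] == ["permit", "ip"]:
            # The ACL source is the protected inside network; the destination
            # is the pool handed out to VPN clients.
            net = ipaddress.ip_network(f"{tok[4]}/{tok[5]}", strict=False)
            acls.setdefault(tok[1], []).append(net)
        elif len(tok) >= 3 and tok[0] == "vpngroup":
            groups.setdefault(tok[1], None)
            if tok[2] == "split-tunnel" and len(tok) == 4:
                groups[tok[1]] = tok[3]
    result = {}
    for name, acl_id in groups.items():
        if acl_id is not None and acl_id not in acls:
            raise ValueError(f"vpngroup {name} references undefined access-list {acl_id}")
        result[name] = None if acl_id is None else acls[acl_id]
    return result

def client_path(dest, tunneled):
    """Return how a VPN client sends a packet to dest under this model."""
    if tunneled is None:
        return "encrypted tunnel"  # no split tunnelling: everything is encrypted
    addr = ipaddress.ip_address(dest)
    return "encrypted tunnel" if any(addr in n for n in tunneled) else "direct via ISP"

if __name__ == "__main__":
    nets = parse_vpngroups(PIX_CONFIG)["vpnclient"]
    for dest in ("193.36.8.25", "198.51.100.7"):  # constructed test destinations
        print(dest, "->", client_path(dest, nets))
```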