I have a pix 515 and am using the vpn client 3.5.1 to connect users from the internet. Currently I have a split tunnel that puts 10./8 traffic over the vpn and everything else over the local network. What I would like to do is break the tunnel and have all the clients' traffic either go through the pix or forward out to my netbsd gateway. Can anyone help with this?
I am not sure what the netbsd gateway is, but I've found that the PIX VPN won't forward traffic out the same port it came in on. If the netbsd is some kind of proxy server I'd think you could use it for the VPN users, but I'm just guessing on that one. You can enable the "stateful firewall" on the client, which would add some security to the remote node.
The VPN connections come into the pix, but all internal network traffic goes out the netbsd. I want to be able to disable local lan access on the vpn client and have the clients' internet traffic go through the PIX and out the netbsd. I can always set the proxy server option on the client and then http goes through the squid on the netbsd, but I would like to be able to route all the traffic, not just proxy http. Thanks for your help; at least now I can narrow it down a bit.
If I understand you correctly, you want all of your VPN traffic to go back out through the PIX to access the Internet. Is this to prevent the user from having unsecured connections while connected to your Private net? The only problem with your layout is that the PIX isn't a router. It cannot re-route traffic out of an interface that it came in on. So users coming in on (Outside) via the VPN to access (inside/DMZ, whatever) cannot go back out through (Outside) to access the web.
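For reference, a PIX 6.x configuration fragment added here as an illustration (not posted by anyone in this thread) showing the two states being discussed: the current split tunnel that sends only 10/8 through the VPN, and the same group with split tunnelling removed so the client tunnels everything. The group name, ACL name and group key are assumptions.

```cisco
! --- Current state: split tunnel, only 10.0.0.0/8 goes over the VPN ---
! Assumed names: ACL "split_tunnel_acl", group "remoteusers"
! PIX 6.x access-lists use a subnet mask, not a wildcard mask
access-list split_tunnel_acl permit ip 10.0.0.0 255.0.0.0 any
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers split-tunnel split_tunnel_acl
vpngroup remoteusers password <group-key-placeholder>

! --- Desired state: no split tunnel, client sends all traffic into the VPN ---
! Removing the split-tunnel line makes the client tunnel every destination,
! which also disables local LAN access on the client side.
no vpngroup remoteusers split-tunnel split_tunnel_acl

! Caveat from the replies above: once everything is tunnelled, the Internet-bound
! packets arrive on the outside interface and the PIX will not send them back out
! the same interface, so they need another exit (e.g. the inside gateway/proxy).
```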