We have a VPN 3030 which connects to a PIX 6.1 on the VPNDMZ. We want to route traffic from a VPN client through the VPNDMZ and out to the internet via the outside interface of the PIX. Is this possible? Where are the configuration changes applied? We are trying to avoid split tunnel.
By design the PIX will never route traffic back out the interface that traffic came in on - this is something that you can't do much about. Your best choices are to either:
a) run split-tunnel
b) use a proxy server beyond the PIX.
My recommendation would be to use split tunnel, since it allows you to restrict access to internal hosts via an ACL. Not using split-tunneling means you're opening the entire inside network (basically).