Cisco Support Community
New Member

Multiple Client VPN tunnels on a Pix Firewall

One of my customers has multiple Client VPN tunnels on a PIX Firewall; each tunnel has restricted access to only some hosts. I would like to set it up in such a way that the remote client doesn't have direct internet and local network access while connected to the VPN.

How does split tunneling have to be set?

2 REPLIES
New Member

Re: Multiple Client VPN tunnels on a Pix Firewall

The requirement is to maintain the limited access to assigned resources, from remote VPN clients to the local network, but disable access to the internet and to networks near the VPN clients. In PIX v.6.3.5 it is not possible (in my labs) to set a split tunnel and reduce internet access.

Example:

-------------------------------
access-list vpn-xx3 permit tcp object-group RDP-Server-xx3 eq 3389 object-group Clients-xx3-vpn
access-list vpn-xx3 permit tcp host 10.11.20.39 object-group Porte-1522-sqlnet object-group Clients-xx3-vpn
access-list vpn-xx3 permit tcp host 10.11.20.20 object-group Porte-1522-sqlnet object-group Clients-xx3-vpn
access-list vpn-xx3 deny ip any any
--------------------------------

This reduces the access to resources, but the default gateway is the access router for the remote client.

When the split tunnel doesn't exist, the default gateway is the VPN peer.

Is it possible to unify the two features?
