03-30-2006 05:08 AM
How do I give a VPN client (using Cisco VPN Client software) access to their local network (ie their servers and Internet connection), while being connected to a remote Pix 501 via VPN client? Is there a command that enables that?
03-30-2006 06:02 AM
Its not one simple command
You need configure PIX as Easy VPN server
Try this document
M.
Hope that helps, rate if it does
03-30-2006 06:35 PM
the feature named "split tunneling" needs to be configured on the pix.
below are the sample codes:
access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
nat (inside) 0 access-list 101
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp identity address
isakmp nat-traversal 20
crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
ip local pool ippool 10.1.1.11-10.1.1.21
vpngroup vpnclient address-pool ippool
vpngroup vpnclient idle-time 1800
vpngroup vpnclient dns-server 139.130.4.4
vpngroup vpnclient password cisco456
vpngroup vpnclient split-tunnel 120
crypto dynamic-map dynmap 10 set transform-set vpnset
crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap
username cisco password cisco123
aaa-server LOCAL protocol local
crypto map remote_vpn client authentication LOCAL
crypto map remote_vpn client configuration address initiate
crypto map remote_vpn client configuration address respond
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide