
Pix 501 VPN - local Internet Access

johnweldin
Level 1

How do I give a VPN client (using Cisco VPN Client software) access to their local network (i.e. their servers and Internet connection) while connected to a remote PIX 501 via the VPN client? Is there a command that enables that?

2 Replies

m.sir
Level 7

It's not one simple command.

You need to configure the PIX as an Easy VPN server.

Try this document:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_configuration_example09186a00801e71c0.shtml

M.

Hope that helps, rate if it does

jackko
Level 7

The feature named "split tunneling" needs to be configured on the PIX.

Below is the sample code:

    access-list 101 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
    nat (inside) 0 access-list 101
    isakmp policy 10 authentication pre-share
    isakmp policy 10 encryption 3des
    isakmp policy 10 hash md5
    isakmp policy 10 group 2
    isakmp policy 10 lifetime 86400
    isakmp identity address
    isakmp nat-traversal 20
    crypto ipsec transform-set vpnset esp-3des esp-md5-hmac
    ip local pool ippool 10.1.1.11-10.1.1.21
    vpngroup vpnclient address-pool ippool
    vpngroup vpnclient idle-time 1800
    vpngroup vpnclient dns-server 139.130.4.4
    vpngroup vpnclient password cisco456
    vpngroup vpnclient split-tunnel 120
    crypto dynamic-map dynmap 10 set transform-set vpnset
    crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap
    username cisco password cisco123
    aaa-server LOCAL protocol local
    crypto map remote_vpn client authentication LOCAL
    crypto map remote_vpn client configuration address initiate
    crypto map remote_vpn client configuration address respond
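
Added example, not part of the replies above and not Cisco tooling: a small Python check that parses the PIX lines used in this thread and reports whether each vpngroup's split-tunnel ACL is consistent with its address pool. It assumes, as in the posted sample, that the ACL source is the protected network behind the PIX and the destination is the client pool; the function names are hypothetical.

```python
import ipaddress
# Constructed sample: the split-tunnel lines from the configuration posted above.
SAMPLE = """\
access-list 120 permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
ip local pool ippool 10.1.1.11-10.1.1.21
vpngroup vpnclient address-pool ippool
vpngroup vpnclient split-tunnel 120
"""

def take(t):
    """Consume one PIX address spec (any | host A | A MASK) from token list t."""
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1] + "/32"), t[2:]
    return ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]

def parse(config):
    """Collect permit-ip ACL entries, address pools and vpngroup settings."""
    acls, pools, groups = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            src, rest = take(t[4:])
            acls.setdefault(t[1], []).append((src, take(rest)[0]))
        elif t[:3] == ["ip", "local", "pool"] and len(t) == 5:
            pools[t[3]] = tuple(map(ipaddress.ip_address, t[4].split("-")))
        elif t[:1] == ["vpngroup"] and len(t) == 4:
            groups.setdefault(t[1], {})[t[2]] = t[3]
    return acls, pools, groups

def audit(config):
    """Return findings for each vpngroup's split-tunnel setup (empty list = clean)."""
    acls, pools, groups = parse(config)
    findings = []
    for name, g in groups.items():
        acl = g.get("split-tunnel")
        if acl is None:
            findings.append(f"{name}: no split-tunnel ACL, all client traffic is tunneled")
            continue
        pool = pools.get(g.get("address-pool"))
        for src, dst in acls.get(acl, []):
            if src.prefixlen == 0:
                findings.append(f"{name}: ACL {acl} protects 'any', so everything is tunneled")
            if pool and not (pool[0] in dst and pool[1] in dst):
                findings.append(f"{name}: ACL {acl} destination {dst} misses pool {pool[0]}-{pool[1]}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE) or "split tunneling configured consistently")
```

An empty result means only the listed protected network is sent through the tunnel and the client keeps its own LAN and Internet path.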