Cisco Support Community

Pix and Vpn question

I have a PIX firewall running PIX 7.0(2) and use VPN.

I noticed when configuring VPN on an ASA box that there was an option for split tunneling that prevented access to the local network when connected with the client to another network.

How can I do that on my PIX 7.0?

Thanks for your time,


Re: Pix and Vpn question

If you want to limit the client to the network he connected to, you can do it by:

First, a standard ACL putting the network that this client is allowed to use, then include it in the split tunneling option in the tunnel specified, then in the tunnel network value put the ACL name or number. In this case the client will send traffic over the tunnel only to that network.

Also you can use the filtering option on the user itself if you use the local database username and password.

Go to the username:

username [username] attributes

Then under these attributes there's a filtering option; put here an ACL number that you have to create first.

In the ACL just permit what you want the user to do only; anything else will be denied.

Also another filtering and split tunneling way:

In the above config, when you define the split tunnel you put the command tunnel specified then the ACL.

You also have an option called tunnel unspecified.

This one will work exactly the opposite way to normal split tunnel.

This will include everything except the traffic specified in the ACL.

Finally, you can make restrictions on the clients by first removing the sysopt connection allow ipsec

and then create normal ACLs to permit clients' IPs to what you want, and then everything not in the ACL will be denied by the default implicit deny.

Good luck.

Please rate if helpful.
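As an added worked example (not from the original post), this is how the three approaches in the answer above fit together in PIX 7.0 configuration syntax: a standard ACL driving split tunneling in the group policy, a per-user vpn-filter from the local user database, and the outside interface ACL taking over once the IPsec bypass is disabled. All ACL names, group names, addresses and the password/pre-shared-key placeholders are made up for the example; the split-tunnel-policy keywords on PIX 7.0 are tunnelspecified, excludespecified and tunnelall.

```cisco
! --- 1. Split tunneling: only the listed network goes through the tunnel ---
! Standard ACL naming the internal network clients may reach via the tunnel
! (10.1.0.0/16 is a constructed sample network).
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.0.0

! Address pool handed to the clients (constructed sample range).
ip local pool VPNPOOL 10.1.10.1-10.1.10.50 mask 255.255.255.0

group-policy VPNCLIENTS internal
group-policy VPNCLIENTS attributes
 ! tunnelspecified : send only SPLIT_TUNNEL networks through the tunnel
 ! excludespecified: the reverse, tunnel everything except SPLIT_TUNNEL
 ! tunnelall       : no split tunneling, the client's local LAN is unreachable while connected
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

tunnel-group VPNCLIENTS type ipsec-ra
tunnel-group VPNCLIENTS general-attributes
 address-pool VPNPOOL
 default-group-policy VPNCLIENTS
tunnel-group VPNCLIENTS ipsec-attributes
 pre-shared-key PLACEHOLDER_PSK

! --- 2. Per-user filtering from the local user database ---
! A vpn-filter ACL is written with the client (pool) address as the source and
! the internal resource as the destination; anything not permitted is dropped.
access-list USER_ALICE_FILTER extended permit tcp 10.1.10.0 255.255.255.0 host 10.1.0.5 eq 443
username alice password PLACEHOLDER_PASSWORD
username alice attributes
 vpn-filter value USER_ALICE_FILTER

! --- 3. Restricting clients with the outside interface ACL instead ---
! With permit-ipsec disabled, decrypted client traffic is checked against the
! outside interface ACL like any other inbound traffic, so the implicit deny
! at the end of OUTSIDE_IN blocks everything that is not explicitly permitted.
no sysopt connection permit-ipsec
access-list OUTSIDE_IN extended permit tcp 10.1.10.0 255.255.255.0 10.1.0.0 255.255.0.0 eq 443
access-group OUTSIDE_IN in interface outside
```

Option 3 applies to every VPN client and to all other inbound traffic on the outside interface at once, so it is the coarsest control; the vpn-filter in option 2 is the one to use when different users need different access. After a client connects, `show access-list` shows per-entry hit counts, which is a quick way to confirm that traffic is matching the intended ACL line rather than falling through to the implicit deny.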
