New Site installation of PIX ASA 5520 - Remote VPN clients authenticate and have access to internal network, with IP derived from internal IP pool. When a remote web site requires IP authentication and is added to split tunneling, the user cannot contact the site. Remove the site from split tunneling and they can contact the site, but are refused (IP authentication) because they are not using the tunnel and are therefore not using an internal network IP, but the IP from their local ISP.
All servers that require IP authentication are OUTSIDE the PIX. Remote user tunnel is into the OUTSIDE interface and with split tunneling the request must return thru the OUTSIDE interface. If they don't use split tunneling the request emanates from their remote PC thru their ISP and successfully reaches the outside host, but the source IP won't authenticate.
I suppose the biggest question I have (Lucent background) is where exactly "in the greater scheme of things" does a VPN client reside (i.e., the tunnel end point).
You can tunnel all traffic and NAT the remote clients on the outside of the ASA. Therefore the source address of the request to the server would be from your main site, not the remote site. The .doc is for remote access VPN clients but is the same for LAN-to-LAN.
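A configuration sketch of the approach described in the reply above, added here as an example and not taken from the thread or from the referenced document. It assumes pre-8.3 ASA NAT syntax; the pool name VPNPOOL, the 10.10.10.0/24 range and the group-policy name RA-USERS are hypothetical placeholders.

```cisco
! Assumptions (not from the thread): pre-8.3 NAT syntax, hypothetical
! pool VPNPOOL 10.10.10.0/24, hypothetical group-policy RA-USERS.
ip local pool VPNPOOL 10.10.10.1-10.10.10.254 mask 255.255.255.0
!
! Let decrypted client traffic enter and leave the same (outside) interface.
! Without this the ASA drops the hairpinned packets.
same-security-traffic permit intra-interface
!
! Tunnel everything from the client instead of split tunneling,
! so requests to the outside servers arrive at the ASA first.
group-policy RA-USERS attributes
 split-tunnel-policy tunnelall
!
! PAT the VPN pool to the outside interface address on the way back out,
! so the outside servers see the main site's address as the source.
nat (outside) 1 10.10.10.0 255.255.255.0
global (outside) 1 interface
```

With tunnel-all in place, `show xlate` on the ASA should list translations for pool addresses on the outside interface while a client browses to one of the IP-authenticated servers.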