https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617341#M497721 <HTML><HEAD></HEAD><BODY><P>Turn on split tunneling. This should solve your problem. Create an ACL with the network/host you want to tunnel. Everthing else will not be tunneled. </P><P></P><P>vpngroup Metalogic_Support split-tunnel Access_List_Name</P><P></P><P></P><P>Hope this helps!</P><P>Chad</P><P></P><P>Pleae rate if this helps!</P></BODY></HTML> Thu, 07 Sep 2006 17:20:58 GMT cpembleton 2006-09-07T17:20:58Z https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617340#M497720 <P>Hi</P><P></P><P>I need to give a remote support company access to a server behind our firewall. This company currently access 2 of our servers already by using public IP addresses which map to the servers private IPs. Unfortunately we have no public IPs left to do this again so need to think of another solution.</P><P></P><P>I set them up with VPN client s/w and added the follwing commands to the firewall </P><P></P><P>name 10.10.253.253 Metalogic_Support_Host</P><P></P><P>ip local pool Metalogic_Pool 10.10.253.253-10.10.253.253 mask 255.255.255.255</P><P></P><P>vpngroup Metalogic_Support address-pool Metalogic_Pool </P><P>vpngroup Metalogic_Support default-domain ***WITHHELD*** </P><P>vpngroup Metalogic_Support idle-time 1800</P><P>vpngroup Metalogic_Support password ***WITHHELD***</P><P></P><P>access-list acl_mdc_inside_nat0 permit ip host Server1 host Metalogic_Support_Host</P><P>access-list acl_mdc_inside_nat0 permit ip host Server2 host Metalogic_Support_Host</P><P>access-list acl_mdc_inside_nat0 permit ip host Server3 host Metalogic_Support_Host</P><P></P><P>This worked fine apart from disconnecting them from their LAN which causes problems for them.</P><P></P><P>Is there a way of keeping them connected to their LAN whilst the VPN connection is active and if not is there another way of me giving them access.</P><P></P><P>We have a Cisco Pix 515e running s/w version 6.3</P><P></P><P>Any help will be greatly appreciated</P><P></P><P>Thanks</P><P></P><P>Rex</P> Fri, 21 Feb 2020 09:09:40 GMT https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617340#M497720 Rex Biesty 2020-02-21T09:09:40Z https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617341#M497721 <HTML><HEAD></HEAD><BODY><P>Turn on split tunneling. This should solve your problem. Create an ACL with the network/host you want to tunnel. Everthing else will not be tunneled. </P><P></P><P>vpngroup Metalogic_Support split-tunnel Access_List_Name</P><P></P><P></P><P>Hope this helps!</P><P>Chad</P><P></P><P>Pleae rate if this helps!</P></BODY></HTML> Thu, 07 Sep 2006 17:20:58 GMT https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617341#M497721 cpembleton 2006-09-07T17:20:58Z https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617342#M497722 <HTML><HEAD></HEAD><BODY><P>Thanks for the reply Chad. When you say 'Create an ACL with the network/host you want to tunnel' do you mean the network that they are accessing remotely or the LAN on which they sit? Thanks.</P></BODY></HTML> Mon, 11 Sep 2006 13:29:59 GMT https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617342#M497722 Rex Biesty 2006-09-11T13:29:59Z https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617343#M497723 <HTML><HEAD></HEAD><BODY><P>An ACL for the networks on your side of the tunnel. Networks in the ACL will be routed over the VPN. Anything not in the ACL will go out the VPN clients normal interface.</P><P></P><P>Thanks,</P><P>Chad</P><P></P><P>Please rate if this helps! </P></BODY></HTML> Mon, 11 Sep 2006 15:38:33 GMT https://community.cisco.com/t5/network-security/remote-access-to-server-behind-pix-firewall/m-p/617343#M497723 cpembleton 2006-09-11T15:38:33Z