
gateway for internet access

ccrespoh
Level 1

Hello,

I've configured a VPN from outside and it works fine. The problem I have is with access to the Internet.

The address pool for the VPN connection is not within the inside range, and I don't know which gateway I have to configure on the VPN clients if they want to access the Internet.

They are connecting to our DNS on the inside and it can resolve the names, but they can't connect to any outside system.

How do I have to configure the VPN to get Internet access?

And, where can I obtain stuff about VPN configuration and management?

Thanks in advance.

2 Replies

Richard Burts
Hall of Fame

Without knowing some more about your hardware and your topology we cannot tell you how to do this - or even if this can be done. One of the key points is that if the VPN is terminated on a PIX, the current code on the PIX will not allow a packet to exit on the same interface that it entered on. So you would not be able to grant direct Internet access if you are terminating on a PIX.

I have a customer with a somewhat similar situation. They have two Internet gateways, one for VPN traffic and one for general Internet access. When VPN traffic from a remote client is received and the destination is an Internet address, the packet is forwarded to an inside router which forwards it to the general Internet gateway. So they can get Internet access.

If you happen to have two Internet gateways, this kind of solution may work for you.

So would you tell us more about your hardware and your topology?

HTH

Rick

You have answered my question. I have a PIX and the VPN is terminated on it. I knew the PIX does not allow a packet to be sent out on the same interface that it entered on, but I thought there would be some way to do that (through gateways or something like that).

I only have one way to access the Internet, and it's through the PIX, of course. So, as you said, I have no way to give Internet access to VPN clients, do I?

Thanks again.
