have VPN clients access the internet without split tunneling

gullevek1
Level 1

Hi,

I have a PIX running, and on my clients I have the Cisco VPN client installed. I can access all my internal networks fine (inside & DMZ), but when I try to access any outside network I get a "No route to <outside ip> from <vpn client ip>".

What can I do, or what do I have to change, so my outside VPN clients can access the internet through the PIX firewall? I heard that there might be issues because the PIX can't route traffic back out through the same interface it came in on. What solutions do I have for this?

5 Replies

owillins
Level 6

It seems that the only way of accessing the internet without enabling split tunneling is by having a router behind your PIX. There is no possibility for the PIX to access the internet itself without split tunneling.

But this is extremely difficult, I think. Normally the PIX is used to access the internet. I don't even know if I can do source routing on the PIX.

Say, if traffic comes in from the VPN device, route it to this address instead if it doesn't match one of the other devices.

*sigh*

I am just asking myself why nobody else has this issue. If I activate split tunneling I just have enormous problems ...

What problems do you have when you enable split tunnelling?

I have a similar problem, but with split DNS.

I have VPN Client 4.6.03.0021 with split tunnelling and DNS tunnelling connected to the PIX, and I cannot access the internet or the internal networks.

Later I discovered that my split tunnelling works fine, but the problem is split DNS, so when I use the IP address to connect it works fine.

The older client works fine.

ThorsonMacAoidh
Level 1

You might try using a proxy internally on your network. This will allow your client to connect to the proxy server, and the proxy server will then handle the outbound traffic for you. Squid or Microsoft ISA would be good candidates for testing.

Another configuration that I came up with once to solve this problem (though I never got to test it) was to use another interface (maybe a VLAN interface will work) as the remote-access VPN termination interface. You may have to subnet your external address space to accomplish this, though.

Also, the PIX restriction of not being able to route traffic out the interface it received that traffic on (as in your case) has been relaxed in PIX 7.x. I do not know if it will solve your problem, but it may be worth looking at.

TM
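The PIX 7.x relaxation mentioned in the reply above, shown as an added configuration example that is not from any of the posters in this thread. It relies on the 7.x command `same-security-traffic permit intra-interface` (often called "hairpinning"), which lets decrypted VPN-client traffic that arrived on the outside interface leave again through that same interface, together with NAT of the VPN address pool on the outside interface. The pool range, the inside subnet, the access-list name and the group-policy name are assumptions for illustration only. None of this is available on PIX 6.x, which is why the earlier replies fall back to a router or a proxy behind the firewall.

```text
! Assumed example configuration, PIX 7.x syntax.
!
! Allow traffic that enters an interface to be sent back out the same
! interface. Without this the PIX drops VPN-client-to-internet traffic,
! which is the "No route ..." symptom described in the question.
same-security-traffic permit intra-interface

! Address pool handed out to VPN clients (assumed range)
ip local pool VPNPOOL 192.168.100.1-192.168.100.254 mask 255.255.255.0

! Translate the VPN pool to the outside interface address when it heads
! back out to the internet. NAT is bound to the outside interface because
! that is where the decrypted client traffic enters the firewall.
nat (outside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface

! Keep inside-to-VPN-client traffic untranslated so internal hosts remain
! reachable by their real addresses (assumed inside subnet 10.1.1.0/24)
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT

! No split tunnelling: the client sends all traffic through the tunnel
group-policy VPNGROUP internal
group-policy VPNGROUP attributes
 split-tunnel-policy tunnelall
```

To check that it is working, connect a client and run `show xlate` on the PIX: browsing to an internet address from the client should produce a translation from a pool address to the outside interface address. If `same-security-traffic permit intra-interface` is missing from `show running-config`, the traffic is still being dropped at the hairpin. Note that every VPN client's internet traffic now traverses the PIX twice (once encrypted in, once in the clear out), so it counts twice against the interface throughput.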
