Re: PIX to 3005 Routing question

harvey.dewan · ‎11-02-2004

I have an exsisting tunnel between a PIX and a 3005. How to make all traffic go through the tunnel. Right now port 80 traffic does not go through the tunnel. I wasnt to force all traffice from the remote site through the tunnel.

sachinraja · ‎11-03-2004

You have to configure the interesting traffic access-lists accordingly on the PIX & VPN 3005. there are access-lists which are mapped onto the crypto maps, which will specify the traffic to be passed through the IPSEC tunnel. use the following access-list to pass all traffic through the IPSEC

access-list interesting_traffic permit ip 192.168.1.0 255.255.255.0 (local network) any

you need to configure the same parameters on the network lists of 3005.

All the best !!

harvey.dewan · ‎11-08-2004

What I am trying to do, is force all external traffic through the tunnel. Normally internet traffice would not go throught the tunnel, but this is what I want to do.

sachinraja · ‎11-09-2004

split tunneling should be taken care of. Split tunneling tells you which traffic to send through the IPSEC tunnel. By default split tunneling is off. during this, all traffic passes through the IPSEC tunnel. You cannot browse internet when on IPSEC, when split tunneling is disabled.

You can as well enable split tunneling and specify necessary traffic to flow through the tunnel..

you have to anyway be on internet to connect IPSEC. So , there is no fundamental requirement of browsing through IPSEC. browsing will be through the normal LAN card.

Hope this helps !! rate all replies if found useful..