12-09-2004 10:40 AM - edited 02-20-2020 11:47 PM
Hello, I have just set up a PIX VPN for PPTP clients and they complain that it kills their Internet connectivity. Is there a way that I can configure the PIX to permit the clients to access the Internet from inside the VPN? I am thinking to use the Internet connection at the VPN site end rather than a split tunnel. The client would log into the VPN and from there access the Internet like the servers on the trusted side of the PIX.
Thanks,
frank
12-09-2004 11:33 AM
You either need to split tunnel or configure the client PCs to use a web proxy that would need to be accessible through the tunnel.
12-10-2004 07:18 AM
First, you cannot do "I am thinking to use the Internet connection at the VPN site end rather than a split tunnel" on a PIX. This is because the PPTP clients will be connecting to the PIX outside interface and the PIX will not re-route (bounce back) traffic that came in on the outside interface, off the same interface. You could have this traffic go to the internal network (to a proxy server or a router) and then send it back after NAT so that the PIX thinks this traffic actually originated on the internal network.
Split-tunnel is not a concept that can be applied to PPTP in the same way it is applied to IPSec VPN. However, there are 2 workarounds. Both are client-side configurations.
1. In the properties of the PPTP client, in the Networking tab, in the TCP/IP properties > Advanced: uncheck "Use default gateway on remote network".
Then connect and test.
2. This other workaround is not very feasible. It is documented at http://www.cisco.com/en/US/customer/tech/tk827/tk369/technologies_q_and_a_item09186a00800946ef.shtml
Q. I think I have a split tunneling issue. What should I do when a PPTP tunnel comes up on a PC, the PPTP router has a higher metric than the previous default, and I lose connectivity?
A. To remedy this problem, run a batch file (batch.bat) to modify the Microsoft routing. Delete the default and reinstall the default route (you must know the IP address that the PPTP client was assigned, such as 192.168.1.1).
In this example, the network inside the router is 10.13.1.x.
route delete 0.0.0.0
route add 0.0.0.0 mask 0.0.0.0 161.44.17.1 metric 1
route add 10.13.1.0 mask 255.255.255.0 192.168.1.1 metric 1
That should fix your issue.
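Added example, not part of the original thread or the Cisco document: a Python model of the client's route selection (longest matching prefix, then lowest metric) showing what the three route commands above change. The BEFORE table and the probe address 198.51.100.7 are constructed; the gateways and the 10.13.1.x network are the ones quoted in the post.

```python
import ipaddress

# Constructed starting state: the PPTP connection has installed a default
# route via the tunnel (192.168.1.1) that beats the client's original
# default route via its local gateway (161.44.17.1).
BEFORE = [
    ("0.0.0.0", "0.0.0.0", "192.168.1.1", 1),
    ("0.0.0.0", "0.0.0.0", "161.44.17.1", 2),
]

def apply_batch(table):
    """Model the batch file: drop every default route, then re-add the
    local default and a specific route for the network behind the VPN."""
    kept = [r for r in table if (r[0], r[1]) != ("0.0.0.0", "0.0.0.0")]
    kept.append(("0.0.0.0", "0.0.0.0", "161.44.17.1", 1))
    kept.append(("10.13.1.0", "255.255.255.0", "192.168.1.1", 1))
    return kept

def pick_route(table, dest):
    """Return the gateway chosen for dest: longest prefix wins,
    lowest metric breaks ties. None if nothing matches."""
    addr = ipaddress.ip_address(dest)
    matches = []
    for network, mask, gateway, metric in table:
        net = ipaddress.ip_network(f"{network}/{mask}")
        if addr in net:
            matches.append((net.prefixlen, -metric, gateway))
    return max(matches)[2] if matches else None

def outside_tunnel(table, tunnel_gw, probes):
    """List the probe destinations that do NOT go through the tunnel."""
    return [p for p in probes if pick_route(table, p) != tunnel_gw]

if __name__ == "__main__":
    probes = ["10.13.1.5", "198.51.100.7"]  # inside host, Internet host
    after = apply_batch(BEFORE)
    for name, table in (("before", BEFORE), ("after", after)):
        for p in probes:
            print(f"{name:6} {p:15} -> {pick_route(table, p)}")
    print("bypasses tunnel after change:",
          outside_tunnel(after, "192.168.1.1", probes))
```

After the change only 10.13.1.x traffic is sent into the tunnel; Internet traffic leaves via the client's local gateway and does not pass through the PIX.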