Client static routes

a.paradis
Level 1

Hi,

I have a PPTP remote access VPN on a PIX 515E and was wondering if it is possible to send static routes to clients.

My problem is that I have my internal network and a DMZ. When a client connects to the VPN, he gets assigned an address from the internal network's range. When I try to access my DMZ, which is on another network, the client obviously doesn't know how to reach that network unless I manually type the DMZ network into the client's static routes.

So it is like this:

VPN addr range: 192.168.1.48/28

Internal network: 192.168.1.0/24

DMZ network: 192.168.2.0/24

On a windows client, unless I do "route add 192.168.2.0 mask 255.255.255.0 <vpn ip>", it doesn't know how to get to the DMZ network.

Is there a way I can send static routes or configure my pix in some way so that I don't have to type that route every time?
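The workaround described in the post (dial the PPTP connection, then `route add` the DMZ prefix via the assigned VPN address) can be scripted so it is not typed by hand after every connect. The script below is an added example written for this thread, not code from the original poster or from Cisco; the phonebook entry name `PIX-VPN` is hypothetical, credentials are assumed to be saved in that entry, and it must run from an elevated prompt because `route add` needs administrator rights.

```powershell
# Added example: dial the PPTP VPN and add the DMZ route through the address
# the PIX assigned, so the route does not have to be typed after each connect.
# "PIX-VPN" is a hypothetical RAS phonebook entry name; adjust to your own.
param(
    [string]$ConnectionName = "PIX-VPN",
    [string]$DmzNetwork     = "192.168.2.0",
    [string]$DmzMask        = "255.255.255.0"
)

# 1. Dial the connection. rasdial uses the credentials saved in the phonebook
#    entry (assumption); it returns non-zero if the dial fails.
rasdial $ConnectionName
if ($LASTEXITCODE -ne 0) { throw "rasdial $ConnectionName failed with exit code $LASTEXITCODE" }

# 2. Read the address the PIX handed out from ipconfig. The PPTP interface is
#    listed under a "PPP adapter <name>:" header; lines inside that section are
#    indented, the next adapter header starts in column 0.
$header = "^PPP adapter $([regex]::Escape($ConnectionName))"
$inPpp  = $false
$vpnIp  = $null
foreach ($line in (ipconfig)) {
    if ($line -match $header) { $inPpp = $true; continue }
    if ($inPpp -and $line -match '^\S') { $inPpp = $false }       # left the PPP section
    # "IP Address" on XP/2003, "IPv4 Address" on Vista and later.
    if ($inPpp -and $line -match 'IP(v4)? Address[ .]*: *(\d+\.\d+\.\d+\.\d+)') {
        $vpnIp = $Matches[2]
        break
    }
}
if (-not $vpnIp) { throw "No IP address found for PPP adapter '$ConnectionName'" }

# 3. Add the DMZ route with the VPN address as gateway. Deliberately not
#    persistent (-p): the PPP interface only exists while connected and the
#    assigned address can change between sessions, so a stored route would
#    be stale or fail to install.
route add $DmzNetwork mask $DmzMask $vpnIp metric 1
if ($LASTEXITCODE -ne 0) { throw "route add $DmzNetwork/$DmzMask via $vpnIp failed" }

# 4. Show the result so the gateway can be eyeballed.
route print $DmzNetwork
```

This keeps "Use default gateway on remote network" unchecked, so Internet traffic still leaves via the ISP gateway and only 192.168.1.0/24 (on-link for the PPP adapter) plus the added 192.168.2.0/24 go through the tunnel. On Windows 8.1 and later the same effect is available without a script: `Set-VpnConnection -Name PIX-VPN -SplitTunneling $true` followed by `Add-VpnConnectionRoute -ConnectionName PIX-VPN -DestinationPrefix 192.168.2.0/24` stores the route with the connection and installs it on every dial.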

3 Replies

sachinraja
Level 9

Hello paradis,

Strange. I don't think you need to add any routes on the client. Once you get connected to the PIX and get an IP which is on the same network as the inside, it only requires the PIX to know how to reach the DMZ servers. The client will just put all packets on the IPsec tunnel.

Cross-check it and let us know. What is the normal default gateway of the Windows client? Hope all the traffic goes through the tunnel. Let us know.

Raj

The default gateway wasn't correct, but this was intentional: I checked an option in the advanced TCP/IP properties of the VPN connection. This option allowed the non-VPN traffic to go through my ISP gateway and not the VPN gateway.

If I uncheck the option, I can easily reach the DMZ without adding a static route, but now I can't go on the Internet, as everything is forwarded to the VPN tunnel.

Would split tunneling fix this problem?

Hi paradis,

Split tunneling will surely fix the problem of Internet access when on VPN. This works perfectly well with IPsec, but I'm really not sure if PPTP has this option. There's no configuration on the PIX which can be used to enable split tunneling on the PIX. Why don't you ask the user to go for an IPsec client? You will also benefit from the encryption and authentication features of IPsec.

Have a look at this URL and see if this helps.

http://www.experts-exchange.com/Security/Firewalls/Q_21300201.html

Let us know if you need any more assistance. Rate replies if found useful.

Raj