If you want to have conduit rule checking for both the VPN and non-VPN traffic, use the "crypto map xxxxxx interface outside" command without the "sysopt ipsec pl-compatible". If you use the pl-compatible, I don't think the VPN traffic will be analy...
You should be able to use either the PIX or the 2610 to terminate your IPSec tunnels. If you use the 2610, you will need an IPSec IOS. If the 2610 is on the Internet side of the PIX, and you use the 2600 as the VPN endpoint, data between the router...
As long as you don't enable split tunneling (by default it's disabled), all Internet activity outside the tunnel is blocked while the VPN client is running. If you're trying to protect your private network from the end user system itself, security s...
