Can't access the internet after establishing VPN

blin
Level 1

We have been using the MS VPN client to access the PIX 515 VPN for one year. It works. The only problem is that when the VPN client establishes the VPN, it can't access the Internet until it disconnects the VPN. I believe that we can configure the PIX to point to the Internet but don't know how. Can you help us?

Here is our configuration.

PIX Version 6.2(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname cbgfirewall
domain-name chicagobotanic.org
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol ils 389
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
names
name 10.0.0.8 cbgnt
name 10.0.0.1 cbgnet
name 10.0.0.11 bob
name 10.0.0.22 apps1
access-list 101 permit ip 10.0.0.0 255.255.0.0 192.168.1.0 255.255.255.0
pager lines 24
logging on
logging history errors
interface ethernet0 100full
interface ethernet1 auto
icmp deny any echo outside
mtu outside 1500
mtu inside 1500
ip address outside xxxx.xxx.35.194 255.255.255.224
ip address inside xxx.xx.0.2 255.255.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool bigpool xxx.xxx.1.1-192.168.1.254
pdm location cbgnet 255.255.255.255 inside
pdm location cbgnt 255.255.255.255 inside
pdm location bob 255.255.255.255 inside
pdm location apps1 255.255.255.255 inside
pdm logging critical 100
pdm history enable
arp timeout 14400
global (outside) 1 x.x.x.x-210.x.35.221 netmask 255.255.255.224
global (outside) 1 x.x.35.222 netmask 255.255.255.224
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 210.32.35.195 cbgnt netmask 255.255.255.255 0 0
static (inside,outside) 210.32.35.196 cbgnet netmask 255.255.255.255 0 0
static (inside,outside) 210.32.35.198 apps1 netmask 255.255.255.255 0 0
static (inside,outside) 210.32.35.197 bob netmask 255.255.255.255 0 0
conduit permit tcp host 210.32.35.195 eq smtp any
conduit permit tcp host 210.32.35.195 eq pop3 any
conduit permit tcp host 210.32.35.196 eq https any
conduit permit tcp host 210.32.35.196 eq smtp any
conduit permit tcp host 210.32.35.196 eq pop3 any
conduit permit tcp host 210.32.35.196 eq www any
conduit permit tcp host 210.32.35.196 eq ftp any
conduit deny tcp host 210.32.35.194 eq 3283 any
conduit permit tcp host 210.32.35.198 eq www any
conduit deny tcp host 210.32.35.198 eq ftp any
conduit deny tcp host 210.32.35.198 eq smtp any
conduit deny tcp host 210.32.35.198 eq pop3 any
conduit permit tcp host 210.32.35.195 eq https any
conduit permit icmp any any echo-reply
conduit permit gre host 210.32.35.197 any
conduit permit tcp host 210.32.35.197 eq 1723 any
conduit permit tcp host 210.32.35.197 eq 5800 any
conduit permit tcp host 210.32.35.197 eq pcanywhere-data any
conduit permit tcp host 210.32.35.197 eq 5632 any
conduit permit tcp host 210.32.35.197 eq www any
outbound 10 permit cbgnet 255.255.0.0 80 tcp
apply (inside) 10 outgoing_src
route outside 0.0.0.0 0.0.0.0 210.32.35.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http bob 255.255.255.255 inside
http 10.0.0.0 255.255.0.0 inside
snmp-server host inside bob
snmp-server location cbgfirewall
snmp-server contact blin
snmp-server community public
snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
no sysopt route dnat
telnet 10.0.0.0 255.255.0.0 inside
telnet timeout 5
ssh timeout 5
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe 128
vpdn group 1 client configuration address local bigpool
vpdn group 1 client configuration dns cbgnet
vpdn group 1 client configuration wins cbgnet
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username 194U password *********
vpdn username blin password *********
vpdn username setup password *********
vpdn enable outside
terminal width 80

8 Replies

steve
Level 1

Hi

Configure split tunneling.

The easiest way to do this is to use the PDM version 2 application to amend your config.

As you are using conduits, you have a bit of work to do to change them over to access lists.

If you need anything else just let me know.

Steve

Steve,

Thank you for the help. Is there another way to do this if we are using MS VPN only?

bob

Steve

I too have the same issue. Is there not a way to enable PPTP tunnel users to browse the web at the main site? Can't we just allow the pooled addresses the opportunity to NAT for an HTTP 80 session?

Split tunnelling is the solution, or installing a web proxy on the corporate net that the VPN clients will use.

pression2
Level 1

Hi blin,

If you're using the MS VPN client you've got another option. You just have to unmark the option "use the default gateway on the remote site" in the TCP/IP properties of the MS VPN client.

Once this option is unmarked, establish a connection to the PIX and you'll see that you also have access to the Internet using your own connection.

The only thing left to do then is to set up a static route to the remote site's private LAN on the client computer.

Hope that's what you were looking for.
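To show why unticking the remote default gateway and adding a static route (the split-tunnel setup Steve and pression2 describe) changes where client traffic goes, here is an added example that is not from the thread: a longest-prefix-match lookup over the two routing tables a client would end up with. It uses the thread's 10.0.0.0/16 inside LAN and 192.168.1.0/24 PPTP pool; the client LAN 192.168.0.0/24, its gateway 192.168.0.1 and the web server 203.0.113.10 are constructed sample values.

```python
import ipaddress

# Next-hop labels. The LAN gateway address is a constructed sample value.
LAN_GW = "192.168.0.1 (client's own ISP gateway)"
TUNNEL = "PPTP tunnel to the PIX"
LOCAL = "directly connected client LAN"

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins.
    table is a list of (prefix, next_hop) pairs; returns the next hop or None."""
    addr = ipaddress.ip_address(dst)
    best_net, best_hop = None, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_hop = net, hop
    return best_hop

# "Use default gateway on remote network" ticked: the client installs a
# default route through the tunnel, so Internet-bound packets arrive on the
# PIX outside interface from a pool address. The posted config translates
# only traffic from (inside), which is why the thread reports that web
# access dies until the VPN is disconnected.
FULL_TUNNEL = [
    ("0.0.0.0/0", TUNNEL),
    ("192.168.0.0/24", LOCAL),
]

# Option unticked plus a static route to the remote private LAN (the
# pression2 recipe): only 10.0.0.0/16 goes through the tunnel; every other
# destination keeps using the client's own Internet connection.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", LAN_GW),
    ("192.168.0.0/24", LOCAL),
    ("10.0.0.0/16", TUNNEL),
]

if __name__ == "__main__":
    for name, table in (("full tunnel", FULL_TUNNEL), ("split tunnel", SPLIT_TUNNEL)):
        print(name)
        print("  10.0.0.22 (apps1)       ->", lookup(table, "10.0.0.22"))
        print("  203.0.113.10 (web site) ->", lookup(table, "203.0.113.10"))
```

The static route in the split-tunnel table must cover the whole inside range (255.255.0.0 on this PIX), or hosts outside the covered prefix silently fall back to the client's default gateway.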

I have unchecked the box that you pointed out and now the VPN client can ping or access resources through the VPN. If I check the box again, I have access to resources and ping.

What do I need to provide to get that to work correctly? Have web functionality and access resources through the VPN.

Thanks,

molinek

jmaynard8
Level 1

I too have run across this problem. Cisco does not support this functionality. You can, however, do a workaround with the route command.

Have the user open a command prompt while connected to the VPN and enter the command "route delete 192.168.1.0 mask 255.255.255.0 192.168.10.64", where 192.168.1.0 is the internal network IP range and subnet mask, and 192.168.10.64 is the IP that the VPN group gave to the user's computer when connecting (vpdn group IPs). Cisco only supports IP ranges where the VPN group IPs are different from the internal IPs.

Hope this helps

Jon