Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
4
Helpful
3
Replies

Cannot connect to internet while VPN client is connected.

m-jankowski
Level 1
Level 1

‎02-16-2007 06:50 PM - edited ‎02-21-2020 02:52 PM

Now that I have my VPN client working correctly behind the PIX I have a new problem.

I cannot connect to the internet while connected to the remote VPN server. Is this because I'm 'pushing' the other networks DNS, WINS, and gateway to the clients when they connect?

Labels:
0 Helpful
3 Replies 3

jmia
Level 7
Level 7

‎02-17-2007 01:56 AM

You don't specify which PIX software version your running, so I am assuming it is version 6.3+ if this is the case then what your missing is known as 'split-tunneling' - by adding the following, you'll be able to connect to your PIX using the vpn client whilst also accessing the internet.

From a security point of view, I wouldn't allow this! I would rather allow access via a proxy within your secure LAN i.e. when your connected via the client to your LAN set your internet browser to point to a internal proxy ip address and hence all internet browseing traffic will traverse via the encrypted tunnel.

access-list 101 permit ip 10.0.0.0 255.255.255.0 172.16.200.0 255.255.255.224

nat (inside) 0 access-list 101

vpngroup split-tunnel 101

If your using PIX/ASA version 7.0+ then take a look here:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805734ae.shtml

Also, if you have not already done so, I would enable nat-traversal this will help if your vpn client connection encounters a NAT device along the path as NAT and IPSec don't go hand-in-hand!!

i.e.

isakmp nat-traversal

Hope this helps and please rate posts!

Jay

Mrkaprino
Level 1
Level 1

‎02-18-2007 09:40 AM

I have the similar problem,there is no problem connecting directly from the internet, but when connecting behind PIX firewall, the user can only establish the remote VPN tunnel and can not access anything, even DNS.

I already check the VPN Acceslist for that Remote VPN connection and it looks good. Is it a nating issue or a firewall issue?

Thanks,

Kaprino

0 Helpful

kaachary
Cisco Employee
Cisco Employee
In response to Mrkaprino

‎02-19-2007 04:01 AM

hi,

You have to enable "isakmp nat-t" on the headend pix and make sure "Enable Tranparent tunneling" is checked on the vpn client.

That shud do it !

HTH,

-Kanishka

0 Helpful
Customers Also Viewed These Support Documents