07-18-2007 02:33 AM - edited 02-21-2020 03:09 PM
Hi.I have the following problem in my company. We have users that are going through a proxy server located on the DMZ side of a PIX to the internet(allowed through the DMZ ACL to the outside etc.).That works great.
The problem arises when they use a Cisco VPN client to connect to another company and they cannot access the Internet anymore but can work over VPN on a remote site(Cisco client has been allowed through the PIX). Everything returns to normal when they don't use the VPN client anymore.
Any ideas why this would happen?
Solved! Go to Solution.
07-18-2007 03:29 AM
Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.
Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.
Check the local pc routing table will also help you troubleshoot this issue.
07-18-2007 02:44 AM
I have an idea. The default behaviour of the Cisco VPN Client is to tunnel everything to the remote site. If your users only want to tunnel some traffic and access your own network at the same time, they would have to configure split-tunneling at the remote vpn site. Not all companies allow that though, you have to find out.
07-18-2007 03:06 AM
And one more thing that I just noticed is that if you disable the proxy in the Internet browser you can browse the Internet and do the work over VPN.Did on my PC though as few of us can access the Internet without the use of a proxy.
Don't know if it's connected to the split tunnel story though.
07-18-2007 03:29 AM
Without the proxy either you browse the internet over the vpn connection, or split-tunnel is configured and you exit locally. In case split-tunnel is configured, the proxy-server ip address could be overlapping with the remote protected network.
Fortunately it is easy for you to find out how the vpn is configured, just check the route details tab of the vpn client's statistics.
Check the local pc routing table will also help you troubleshoot this issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide