Information on routing traffic from VPN client to PIX.

pabelanger (Level 1)

Hey all,

I have been able to follow the VPN Wizard included in the PDM and able to connect with VPN Clients to the PIX. But I'm looking for information on how routing is done.

For example, my outside is 67.71.252.xxx and my inside is 192.168.1.xxx. But if I connect via VPN Client to PIX, all data is transferred across my VPN to the PIX, then attempts to go back out to the Internet.

I would only like data going to 192.168.1.xxx to transit the VPN. Is this configuration done via the PIX or is it the responsibility of the Client machine to setup route rules?

Any links to setup guides, or tech notes would be awesome.

Thanks in advance,

Paul

Accepted Solution

mhussein (Level 4)

Hello,

I think the keyword you are looking for is "split tunnelling". This can be enabled on the PIX by using the command vpngroup group_name split-tunnel access_list.

"Split tunneling allows a remote VPN client or Easy VPN Remote device simultaneous encrypted access to the corporate network and clear access to the Internet. Using the vpngroup split-tunnel command, specify the access list name to which to associate the split tunnelling of traffic"

In this config example: http://www.cisco.com/warp/public/110/pix3000.html, note that the same access-list is used for "nat 0" and split-tunnelling:

access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0

nat (inside) 0 access-list 101

vpngroup vpn3000 split-tunnel 101

Command Reference:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a00801727ae.html#wp1099471

Please let us know if that helped

Regards,

Mustafa
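A worked PIX 6.x configuration fragment, added here as an example; it is not part of Mustafa's reply or of the Cisco document he links. It applies the same pattern (one access list driving both nat 0 and vpngroup split-tunnel) to the addressing in the question. The inside network 192.168.1.0/24 comes from the post; the client address pool 192.168.10.0/24, the group name remoteusers, the pool name vpnpool and the access-list name split_tunnel are assumed. The IKE/IPsec settings the PDM wizard generated (crypto map, transform set, isakmp policy) are assumed to already be in place and are not repeated.

```cisco
! Assumed: addresses handed to VPN clients (not from the original post)
ip local pool vpnpool 192.168.10.1-192.168.10.254

! The split-tunnel ACL. Source = the protected inside network, destination = the client pool.
! Only destinations matching this ACL are sent down the tunnel by the client;
! everything else (Internet traffic) leaves the client in the clear.
access-list split_tunnel permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

! The same ACL exempts inside <-> client traffic from NAT, so replies from
! 192.168.1.x hosts go back through the tunnel instead of being translated.
nat (inside) 0 access-list split_tunnel

! Let decrypted IPsec traffic bypass the outside interface ACL
sysopt connection permit-ipsec

! Group configuration pushed to the VPN Client at connect time
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers dns-server 192.168.1.10
vpngroup remoteusers default-domain example.local
vpngroup remoteusers split-tunnel split_tunnel
vpngroup remoteusers idle-time 1800
vpngroup remoteusers password ********

! Do NOT do this. An "any any" entry in the shared ACL tells the client to tunnel
! everything (no split tunneling at all) and, through nat 0, turns NAT off for
! every inside host, breaking their Internet access:
!   access-list split_tunnel permit ip any any
```

Keep the ACL as narrow as the networks the clients actually need; each additional permit line is another destination the client will route through the PIX and another range exempted from NAT. To verify the result, check that `show access-list split_tunnel` on the PIX accumulates hit counts for tunnelled traffic, and in the Cisco VPN Client look at Statistics, Route Details: only 192.168.1.0/24 should appear as a secured route. The trade-off is the one the quoted text states: with split tunneling the client is on the Internet and inside the corporate network at the same time, and its Internet traffic is no longer inspected by the PIX.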


2 Replies


Mustafa,

Awesome! Right on the money, seems to have done the trick.

I may post another question in here, but out of time for today.

Thanks again.