Solved: Re: remote office VPN to PIX then to Internet

netman2k5 · ‎02-25-2005

got a question: my remote office is using Cisco VPN client to central PIX firewall then we need to access to Internet from there. What is this feature called and how to config it ? Thank you very much.

aacole · ‎02-25-2005

This is not currently possible with the PIX, unless your Internet connection is via a proxy.

The PIX will not allow the same IP packet to come in and then back out of the same interface. However if the client connects to a proxy server on the inside network then that proxy connects to the Internet that will work.

Another way would be to use split tunneling which allows the VPN client to connect to the PIX, traffic bound for the internal network goes via the tunnel, whilst unencrypted Internet traffic goes out direct to the local internet connection.

Andy

View solution in original post

aacole · ‎02-25-2005

This is not currently possible with the PIX, unless your Internet connection is via a proxy.

The PIX will not allow the same IP packet to come in and then back out of the same interface. However if the client connects to a proxy server on the inside network then that proxy connects to the Internet that will work.

Another way would be to use split tunneling which allows the VPN client to connect to the PIX, traffic bound for the internal network goes via the tunnel, whilst unencrypted Internet traffic goes out direct to the local internet connection.

Andy

netman2k5 · ‎02-25-2005

Thanks, Andy.