Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
4
Replies

VPN client default route

tbearden
Level 1
Level 1

‎02-27-2002 05:17 PM - edited ‎02-21-2020 11:37 AM

I have a pix 515 and am using the vpn client 3.5.1 to connect users from the internet. Currently I have a split tunnel that puts 10./8 traffic over the vpn and everything else over the local network. What I would like to do is break the tunnel and have all the clients traffic either go through the pix or forward out to my netbsd gateway. Can anyone help with this.

Toby

Labels:
0 Helpful
4 Replies 4

sgamer
Level 1
Level 1

‎03-01-2002 10:54 AM

I am not sure what the netbsd gateway is but I've found that the PIX VPN won't forward traffic out the same port it came in on. If the netbsd is some kind of proxy server I'd think you could use it for the VPN users but I'm just guessing on that one. You can enable the "stateful firewall" on the client which would add some security to the remote node.

0 Helpful

tbearden
Level 1
Level 1
In response to sgamer

‎03-03-2002 08:18 PM

This is essentially how we are layed out:

Internet

|

------------------

| |

PIX NetBSD

| |

------------------

|

Internal Network

The VPN connections come into the pix, but all internal network traffic goes out the netbsd. I want to be able to disable local lan access on the vpn client and have the clients internet traffic go through the PIX and out the netbsd. I can always set the proxy server option on the client and then http goes through the squid on the netbsd, but I would like to be able to route all the traffic not just proxy http. Thanks for your help, at least now I can narrow it down a bit.

0 Helpful

scott
Level 1
Level 1
In response to tbearden

‎03-03-2002 10:00 PM

If I understand you correctly, you want all of your VPN traffic to go back out thought the PIX to access the Internet. Is this to prevent the user from having unsecured connections while connected to your Private net? The only problem with your layout is that the PIX isn't a router. It cannot re-route traffic out of an interface that it came in on. So users coming in on (Outside) via the VPN to access (inside/DMZ, whatever) cannot go back out through (Outside) to access the web.

0 Helpful

tbearden
Level 1
Level 1
In response to scott

‎03-04-2002 12:13 PM

You have got the general idea, but I can also live with routing all traffic to the netbsd box, which is on the inside interface, and out to the internet that way. Can I do that?

0 Helpful
Customers Also Viewed These Support Documents