Velocity Reviews - Computer Hardware Reviews

site-to-site VPN router to PIX VPN

 
 
tical
 
      05-27-2004
I have a site-to-site router to PIX VPN; all traffic sent from the
remote site comes to the home office site with the PIX. Can you exempt
certain traffic from coming back to the home office, and instead go
direct to the internet? Any cisco.com links?

thanks

FrishacK


 
 
 
 
 
Walter Roberson
 
      05-27-2004
In article <(E-Mail Removed) m>,
tical <(E-Mail Removed)> wrote:
:I have a site-to-site router to PIX VPN; all traffic sent from the
:remote site comes to the home office site with the PIX. Can you exempt
:certain traffic from coming back to the home office, and instead go
:direct to the internet?

Yes.

If your remote sites are PIXes or IOS boxes, then the traffic that should
go directly should not be matched by the ACL named in your
"crypto map match address" statement. Something similar should be possible
if your remote sites are using Cisco VPN Concentrator 3002 models.

If your remote sites are using the Cisco VPN software client and you
have your home office site configured with 'vpngroup' then use
the split-tunnel statement for vpngroup. The ACL named in the
split-tunnel statement should be written from the point of view
of traffic going *out* of the PIX towards the client, and the traffic
that *should* go through the tunnel is what should be 'permit'd.
Anything not permit'd will go directly to the internet. (Note: the
VPN client configuration will need one box checked in order to expect
split tunnels.)
--
Look out, there are llamas!
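
Added example, not part of the original thread: a small Python check of the site-to-site case described above, where the ACL named by the crypto map's match address decides which traffic is encrypted. The ACL lines, addresses and function names are constructed for illustration; it models only plain `ip` entries with first-match semantics and does not cover the vpngroup split-tunnel case.

```python
import ipaddress

# Constructed crypto ACLs for the remote-site router (addresses are made up):
# remote LAN 192.168.2.0/24, home-office LAN 192.168.1.0/24.
TUNNEL_ALL = "access-list 110 permit ip 192.168.2.0 0.0.0.255 any"
SPLIT = "access-list 120 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255"
FLOWS = [("192.168.2.10", "192.168.1.20"), ("192.168.2.10", "198.51.100.7")]

def _addr(tok):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(ipaddress.IPv4Address(tok[1])), 0), tok[2:]
    base, wild = (int(ipaddress.IPv4Address(t)) for t in tok[:2])
    return (base, wild), tok[2:]

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines into ordered rules."""
    rules = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list" or t[3] != "ip":
            continue  # this sketch handles only plain 'ip' entries
        src, rest = _addr(t[4:])
        dst, _ = _addr(rest)
        rules.append((t[2], src, dst))
    return rules

def _hit(spec, ip):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    return ((int(ipaddress.IPv4Address(ip)) ^ base) & ~wild & 0xFFFFFFFF) == 0

def path(rules, src, dst):
    """First match wins; 'deny' or no match means the packet is not encrypted."""
    for action, s, d in rules:
        if _hit(s, src) and _hit(d, dst):
            return "tunnel" if action == "permit" else "direct"
    return "direct"  # implicit deny: forwarded in the clear by normal routing

def compare(flows=FLOWS):
    """Return (src, dst, path under TUNNEL_ALL, path under SPLIT) per flow."""
    a, b = parse_acl(TUNNEL_ALL), parse_acl(SPLIT)
    return [(s, d, path(a, s, d), path(b, s, d)) for s, d in flows]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

Flows reported as direct leave the remote site without passing through the home-office PIX, so any filtering they need has to exist on the remote router.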
 
 
 
 
 
Walter Roberson
 
      05-27-2004
In article <c95gjn$rtd$(E-Mail Removed)>,
Walter Roberson <(E-Mail Removed)-cnrc.gc.ca> wrote:
|In article <(E-Mail Removed) m>,
|tical <(E-Mail Removed)> wrote:
|:I have a site-to-site router to PIX VPN; all traffic sent from the
|:remote site comes to the home office site with the PIX. Can you exempt
|:certain traffic from coming back to the home office, and instead go
|:direct to the internet?

|Yes.

By the way: if the remote sites are coming in via PPTP, then the
answer is NO: there is no split-tunnel facility for PPTP.


ps: next time please be specific about how you have the remote devices
configured, so that we do not have to waste our time enumerating all
the possible answers.
--
Disobey all self-referential sentences!
 
 
tical
 
      05-27-2004

"Walter Roberson" <(E-Mail Removed)-cnrc.gc.ca> wrote in message
news:c95gmq$rti$(E-Mail Removed)...
> In article <c95gjn$rtd$(E-Mail Removed)>,
> Walter Roberson <(E-Mail Removed)-cnrc.gc.ca> wrote:
> |In article <(E-Mail Removed) m>,
> |tical <(E-Mail Removed)> wrote:
> |:I have a site-to-site router to PIX VPN; all traffic sent from the
> |:remote site comes to the home office site with the PIX. Can you exempt
> |:certain traffic from coming back to the home office, and instead go
> |:direct to the internet?
>
> |Yes.
>
> By the way: if the remote sites are coming in via PPTP, then the
> answer is NO: there is no split-tunnel facility for PPTP.
>
>
> ps: next time please be specific about how you have the remote devices
> configured, so that we do not have to waste our time enumerating all
> the possible answers.
> --

Thanks for the info, Walter, sorry for the vagueness

-FrishacK-


 