Surfing the internet WHILST using a VPN connection (PIX 513)

 
 
Joe.Mobley@nationalexpress.com
08-23-2006
I have a Cisco Pix 513. From the outside interface users VPN into the
network. Once on the network users wish to browse the internet. The
problem is the fact that the internet connection is out through the
same firewall they have just connected in through. Is it possible to
get this working at all??

Thank you in advance

 

amattina@layer8group.com
08-23-2006

(E-Mail Removed) wrote:
> I have a Cisco Pix 513. From the outside interface users VPN into the
> network. Once on the network users wish to browse the internet. The
> problem is the fact that the internet connection is out through the
> same firewall they have just connected in through. Is it possible to
> get this working at all??
>
> Thank you in advance


Yes this should work. Can regular users inside this network browse the
Internet? Check your ruleset...

 

Walter Roberson
08-23-2006
In article <(E-Mail Removed). com>,
(E-Mail Removed) <(E-Mail Removed)> wrote:

>(E-Mail Removed) wrote:
>> I have a Cisco Pix 513. From the outside interface users VPN into the
>> network. Once on the network users wish to browse the internet. The
>> problem is the fact that the internet connection is out through the
>> same firewall they have just connected in through. Is it possible to
>> get this working at all??


>Yes this should work. Can regular users inside this network browse the
>Internet? Check your ruleset...


There is no PIX 513.

There is a PIX 515, and a re-spun version of that called the PIX 515E.
Both the 515 and 515E are able to run PIX 7.x. The desired behaviour
is possible in PIX 7.x, but only in cases (such as this one) where
at least one VPN is involved on the common interface.

In PIX 5 and 6.0 thru 6.2, the only way to do this involves using
a separate physical interface that is also connected to the ISP. This
requires either a distinct IP address range or else that the public
address range be subnetted (in which case a WAN router must also be
involved.)

In PIX 6.3, the 515 and 515E gain the ability to add 802.1Q VLANs
onto physical interfaces, and to treat the VLANs as logical interfaces.
This would allow a setup similar to PIX 5 or 6.0/6.1/6.2, except
without needing a separate physical interface... provided that there
is a WAN router and it handles 802.1Q VLAN trunking.
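A sketch of the PIX 7.x arrangement described in the post above, added here as an illustration and not taken from any poster's configuration: VPN clients terminate on the outside interface and their Internet-bound traffic is translated and sent back out the same interface. It assumes a remote-access VPN that already works; the pool name, group-policy name and the 192.168.10.0/24 client range are placeholders.

```cisco
! Constructed example for PIX 7.x; names and addresses are placeholders.

! Allow traffic to enter and leave the same interface (hairpin / U-turn).
same-security-traffic permit intra-interface

! Address pool handed to remote-access VPN clients (assumed range).
ip local pool vpnpool 192.168.10.1-192.168.10.254 mask 255.255.255.0

! PAT the VPN pool to the outside interface address, so client traffic
! that arrived on "outside" can go back to the Internet from "outside".
nat (outside) 1 192.168.10.0 255.255.255.0
global (outside) 1 interface

! Keep all client traffic inside the tunnel so that it passes through
! the firewall's policy (no split tunnelling on the client).
group-policy remoteusers internal
group-policy remoteusers attributes
 split-tunnel-policy tunnelall
```

With a client connected and browsing, `show xlate` should list a translation for its pool address on the outside interface.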
 
Joe.Mobley@nationalexpress.com
08-24-2006
Sorry yes I meant a PIX 515, not sure why I typed 513. Anyway I will
proceed to upgrade the IOS today. Thank you very much
 
James
08-24-2006
I don't have any experience with the Cisco VPN client, but most other
vendors' clients, such as Netscreen's, allow you to surf the Internet
locally using your ISP connection and send traffic over the VPN at the
same time.

They do this by routing traffic for the corporate IP range into a
virtual VPN Network Adapter and any other traffic to your Default
Gateway.

As IPSEC is a standard these clients should work with Cisco devices
too.

James

 
Joe.Mobley@nationalexpress.com
08-24-2006
Thanks James. I think this is known as a split tunnel. I have
considered this option but the only downside is the security aspect.
You are basically bridging the internet and your corporate LAN.

