PIX : provide Internet access to VPN clients without split tunnel

Discussion in 'Cisco' started by free, Dec 16, 2004.

  1. free

    free Guest

    I want to provide Internet access to my VPN users without using split
    tunnel. I know that it is not possible to route traffic by the same
    interface as the packets come in. So I set up a default route to another
    interface. But...in that case, during ISAKMP negotiation, packets are routed
    to this default route and VPN clients are unable to get an answer. How can I set
    up in Pix rules that IPSEC packets should be routed to the VPN interface?

    I hope the schema below will help to understand my poor English:




    Internet ------- Linux router ----- Pix Firewall ----- Internal LAN
    |
    |
    |
    Internet (VPN client access)


    Thank you in advance for your advice or recommendations.
    free, Dec 16, 2004
    #1

  2. free

    Tosh Guest

    Re: provide Internet access to VPN clients without split tunnel

    >I want to provide Internet access to my VPN users without using split

    The only thing I can think of is a proxy in the internal lan.
    Bye,
    Tosh.
    Tosh, Dec 17, 2004
    #2

  3. In article <41c178e0$0$11878$>,
    free <> wrote:
    :I want to provide Internet access to my VPN users without using split
    :tunnel. I know that it is not possible to route traffic by the same
    :interface as the packets come in. So I set up a default route to another
    :interface. But...in that case, during ISAKMP negotiation, packets are routed
    :to this default route and VPN clients are unable to get an answer. How can I set
    :up in Pix rules that IPSEC packets should be routed to the VPN interface?

    You can't do anywhere close to that kind of policy routing.

    See the below for ideas:

    http://groups.google.ca/groups?selm=c53rla$76q$
    --
    Most Windows users will run any old attachment you send them, so if
    you want to implicate someone you can just send them a Trojan
    -- Adam Langley
    Walter Roberson, Dec 17, 2004
    #3
