site-to-site VPN router to PIX VPN

Discussion in 'Cisco' started by tical, May 27, 2004.

  1. tical

    tical Guest

    I have a site-to-site router to PIX VPN; all traffic sent from the
    remote site comes to the home office site with the PIX. Can you exempt
    certain traffic from coming back to the home office, and instead go
    direct to the internet? Any cisco.com links?

    thanks

    FrishacK
     
    tical, May 27, 2004
    #1

  2. In article <>,
    tical <> wrote:
    :I have a site-to-site router to PIX VPN; all traffic sent from the
    :remote site comes to the home office site with the PIX. Can you exempt
    :certain traffic from coming back to the home office, and instead go
    :direct to the internet?

    Yes.

    If your remote sites are PIXes or IOS boxes, then the traffic that should
    go directly should not be matched by the ACL named in your
    "crypto map match address" statement. Something similar should be possible
    if your remote sites are using Cisco VPN Concentrator 3002 models.

    If your remote sites are using the Cisco VPN software client and you
    have your home office site configured with 'vpngroup' then use
    the split-tunnel statement for vpngroup. The ACL named in the
    split-tunnel statement should be written from the point of view
    of traffic going *out* of the PIX towards the client, and the traffic
    that *should* go through the tunnel is what should be 'permit'd.
    Anything not permit'd will go directly to the internet. (Note: the
    VPN client configuration will need one box checked in order to expect
    split tunnels.)
    --
    Look out, there are llamas!
     
    Walter Roberson, May 27, 2004
    #2
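
Added example, not part of the original posts: a configuration sketch of the two cases described in post #2, first the crypto ACL on a remote IOS router, then the vpngroup split-tunnel ACL on the PIX. All addresses, ACL numbers, interface names and the names HOMEOFFICE, REMOTE, TSET and remoteusers are constructed assumptions, and the ISAKMP policy and transform set are assumed to be configured already.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   remote-site LAN 192.168.2.0/24, home-office LAN 192.168.1.0/24,
!   PIX outside address 203.0.113.1, VPN client pool 10.10.10.0/24

!== Remote IOS router, before: a crypto ACL like this (assumed) sends
!== everything through the tunnel, as described in post #1
! access-list 110 permit ip 192.168.2.0 0.0.0.255 any

!== Remote IOS router, after: only home-office traffic matches the ACL
!== named in "match address", so only that traffic is encrypted
access-list 110 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
!
crypto map HOMEOFFICE 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TSET
 match address 110
!
! Traffic that no longer matches ACL 110 leaves unencrypted and needs NAT;
! the tunneled traffic is excluded from NAT so it still matches ACL 110.
! It also no longer passes through the home-office PIX, so the remote
! router's own inbound filtering is what protects the remote LAN.
access-list 120 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 120 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source list 120 interface FastEthernet0/1 overload

!== Home-office PIX: the crypto ACL must mirror the router's ACL 110
!== (PIX ACLs take netmasks, not wildcard masks)
access-list 110 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
crypto map REMOTE 10 match address 110

!== Home-office PIX with software clients: split-tunnel ACL written from
!== the PIX towards the client; what is permitted goes through the tunnel
access-list 130 permit ip 192.168.1.0 255.255.255.0 10.10.10.0 255.255.255.0
vpngroup remoteusers split-tunnel 130
```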

  3. In article <c95gjn$rtd$>,
    Walter Roberson <-cnrc.gc.ca> wrote:
    |In article <>,
    |tical <> wrote:
    |:I have a site-to-site router to PIX VPN; all traffic sent from the
    |:remote site comes to the home office site with the PIX. Can you exempt
    |:certain traffic from coming back to the home office, and instead go
    |:direct to the internet?

    |Yes.

    By the way: if the remote sites are coming in via PPTP, then the
    answer is NO: there is no split-tunnel facility for PPTP.


    ps: next time please be specific about how you have the remote devices
    configured, so that we do not have to waste our time enumerating all
    the possible answers.
    --
    Disobey all self-referential sentences!
     
    Walter Roberson, May 27, 2004
    #3
  4. tical

    tical Guest

    "Walter Roberson" <-cnrc.gc.ca> wrote in message
    news:c95gmq$rti$...
    > In article <c95gjn$rtd$>,
    > Walter Roberson <-cnrc.gc.ca> wrote:
    > |In article <>,
    > |tical <> wrote:
    > |:I have a site-to-site router to PIX VPN; all traffic sent from the
    > |:remote site comes to the home office site with the PIX. Can you exempt
    > |:certain traffic from coming back to the home office, and instead go
    > |:direct to the internet?
    >
    > |Yes.
    >
    > By the way: if the remote sites are coming in via PPTP, then the
    > answer is NO: there is no split-tunnel facility for PPTP.
    >
    >
    > ps: next time please be specific about how you have the remote devices
    > configured, so that we do not have to waste our time enumerating all
    > the possible answers.
    > --

    Thanks for the info Walter, sorry for the vagueness

    -FrishacK-
     
    tical, May 27, 2004
    #4
