Surfing the internet WHILST using a VPN connection (PIX 513)

Discussion in 'Cisco' started by Joe.Mobley@nationalexpress.com, Aug 23, 2006.

  1. Guest

    I have a Cisco Pix 513. From the outside interface users VPN into the
    network. Once on the network users wish to browse the internet. The
    problem is the fact that the internet connection is out through the
    same firewall they have just connected in through. Is it possible to
    get this working at all??

    Thank you in advance
    , Aug 23, 2006
    #1

  2. Guest

    wrote:
    > I have a Cisco Pix 513. From the outside interface users VPN into the
    > network. Once on the network users wish to browse the internet. The
    > problem is the fact that the internet connection is out through the
    > same firewall they have just connected in through. Is it possible to
    > get this working at all??
    >
    > Thank you in advance


    Yes this should work. Can regular users inside this network browse the
    Internet? Check your ruleset...
    , Aug 23, 2006
    #2

  3. In article <>,
    <> wrote:

    > wrote:
    >> I have a Cisco Pix 513. From the outside interface users VPN into the
    >> network. Once on the network users wish to browse the internet. The
    >> problem is the fact that the internet connection is out through the
    >> same firewall they have just connected in through. Is it possible to
    >> get this working at all??


    >Yes this should work. Can regular users inside this network browse the
    >Internet? Check your ruleset...


    There is no PIX 513.

    There is a PIX 515, and a re-spun version of that called the PIX 515E.
    Both the 515 and 515E are able to run PIX 7.x. The desired behaviour
    is possible in PIX 7.x, but only in cases (such as this one) where
    at least one VPN is involved on the common interface.

    In PIX 5 and 6.0 thru 6.2, the only way to do this involves using
    a separate physical interface that is also connected to the ISP. This
    requires either a distinct IP address range or else that the public
    address range be subnetted (in which case a WAN router must also be
    involved.)

    In PIX 6.3, the 515 and 515E gain the ability to add 802.1Q VLANs
    onto physical interfaces, and to treat the VLANs as logical interfaces.
    This would allow a setup similar to PIX 5 or 6.0/6.1/6.2, except
    without needing a separate physical interface... provided that there
    is a WAN router and it handles 802.1Q VLAN trunking.
    Walter Roberson, Aug 23, 2006
    #3
  4. Guest

    Sorry yes I meant a PIX 515, not sure why I typed 513. Anyway I will
    proceed to upgrade the IOS today. Thank you very much :)
    , Aug 24, 2006
    #4
  5. James Guest

    I don't have any experience with the Cisco VPN client, but most other
    vendors' clients, such as Netscreen's, allow you to surf the Internet
    locally using your ISP connection and send traffic over the VPN at the
    same time.

    They do this by routing traffic for the corporate IP range into a
    virtual VPN Network Adapter and any other traffic to your Default
    Gateway.

    As IPSEC is a standard, these clients should work with Cisco devices
    too.

    James

    James, Aug 24, 2006
    #5
  6. Guest

    Thanks James. I think this is known as a split tunnel. I have
    considered this option but the only downside is the security aspect.
    You are basically bridging the internet and your corporate LAN.


    , Aug 24, 2006
    #6
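
The two approaches discussed in this thread, side by side, as an added configuration example that is not part of any poster's message: hairpinning VPN clients' Internet traffic back out of the outside interface on PIX 7.x, versus split tunneling. It assumes the remote-access VPN itself already works; the pool, ACL and group-policy names and all addresses are placeholders.

```cisco
! Added example, not from the thread. Names and addresses are assumed
! placeholders. PIX 7.x syntax.

! --- Option A: tunnel everything, hairpin Internet traffic on outside ---
! Let traffic enter and leave through the same interface.
same-security-traffic permit intra-interface

! Addresses handed out to VPN clients (assumed range).
ip local pool VPNPOOL 192.168.100.1-192.168.100.254 mask 255.255.255.0

! PAT the client pool to the outside interface address so decrypted
! client traffic can go back out to the Internet and replies return.
nat (outside) 1 192.168.100.0 255.255.255.0
global (outside) 1 interface

! Send all client traffic through the tunnel, so Internet browsing is
! subject to the firewall's ruleset and logging.
group-policy REMOTE-USERS internal
group-policy REMOTE-USERS attributes
 split-tunnel-policy tunnelall

! --- Option B: split tunnel (the trade-off raised in post #6) ---
! Only the listed corporate range goes through the tunnel. Everything
! else leaves the client through its own ISP and never crosses the PIX,
! so the client is on the Internet and the corporate LAN at once.
access-list SPLIT-NETS standard permit 10.0.0.0 255.0.0.0
group-policy REMOTE-USERS attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-NETS
```

Use one option per group policy; with Option A, `show xlate` on the PIX should list translations for pool addresses while a connected client browses.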