Cisco 3.x to PIX vpn with internet via tunnel

Hello and thanks in advance for reading my post.

I currently have a basic setup for client to pix vpn which works good.
I am using Cisco 3.x and 4.x clients and ipsec using vpngroup features
on a PIX 506E firewall. Again everything works. I have come across a
need however to have all internet traffic from the remotes using the
client to go out of the firewall they are vpning into. The reason
is... because we have a customer we access who has to limit the
connection they allow to the IP address of the PIX. So everyone
inside our network is fine and can access the customer with no
problem. The remote users however, are another story. How can I
configure the tunnel to basically "use the remote gateway" for
internet traffic?

Any help is greatly appreciated. Again thanks.

J.P. Plante

 

:I currently have a basic setup for client to pix vpn which works good.
:I am using Cisco 3.x and 4.x clients and ipsec using vpngroup features
n a PIX 506E firewall. Again everything works. I have come across a
:need however to have all internet traffic from the remotes using the
:client to go out of the firewall they are vpning into.

You can't do that with a 506E with any supported software version.

You will be able to do it if/when Cisco makes PIX 7.0 available
for PIX 506/506E.


: The reason
:is... because we have a customer we access who has to limit the
:connection they allow to the IP address of the PIX. So everyone
:inside our network is fine and can access the customer with no
roblem. The remote users however, are another story. How can I
:configure the tunnel to basically "use the remote gateway" for
:internet traffic?

If your outside router supports VLANs then with the 506/506E
(but NOT the 501) if you have spare IP addresses then you can
do work-arounds involving VLANs. For more information see
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1075586