PIX : provide Internet access to VPN clients without split tunnel

I want to provide Internet access to my VPN users without using split
tunnel. I know that it is not possible to route traffic by the same
interface as the packets come in. So I set up a default route to an another
interface. But...in that case, during ISAKMP negociation, packets are routed
to this default route and VPN client are unable to get answer. How can I set
up in Pix rules that IPSEC packets should be routed to the VPN interface.

I hope the schema below will help to understand my poor english :




Internet ------- Linux router ----- Pix Firewall ----- Internal LAN
|
|
|
Internet (VPN client access)


Thank you in advance for your advices or recommandations.

 

I want to provide Internet access to my VPN users without using split

The only thing I can think of is a proxy in the internal lan.
Bye,
Tosh.

 

:I want to provide Internet access to my VPN users without using split
:tunnel. I know that it is not possible to route traffic by the same
:interface as the packets come in. So I set up a default route to an another
:interface. But...in that case, during ISAKMP negociation, packets are routed
:to this default route and VPN client are unable to get answer. How can I set
:up in Pix rules that IPSEC packets should be routed to the VPN interface.

You can't do anywhere close to that kind of policy routing.

See the below for ideas:

http://groups.google.ca/groups?selm=c53rla$76q$