RE: PIX to VPN 3000 Client Configuration

From: Chuck Church (cchurch@xxxxxxxxxxxx)
Date: Fri Jun 28 2002 - 23:54:35 GMT-3

• Next message: Katson Yeung: "RE: 7507 channel-group support BVI or not?"
• Previous message: Chuck Church: "RE: 7507 channel-group support BVI or not?"
• Maybe in reply to: blewis@xxxxxxxxxxxxx: "PIX to VPN 3000 Client Configuration"
• Next in thread: Michael Popovich: "RE: PIX to VPN 3000 Client Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
I think this command really just tells the VPN client to allow unencrypted
connections to other places other than just the tunnel. Without this
command, the client is basically being told to send all traffic to the PIX.
I don't think non-VPN bound traffic ever hits the PIX.

Chuck Church
CCIE #8776, MCNE, MCSE
Sr. Network Engineer
Magnacom Technologies
140 N. Rt. 303
Valley Cottage, NY 10989
845-267-4000

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
blewis@btconnect.com
Sent: Thursday, June 27, 2002 6:55 AM
To: Larson, Chris (Contractor); 'blewis@btconnect.com';
'ccielab@groupstudy.com'
Subject: RE: PIX to VPN 3000 Client Configuration

there is a command you can use to split the tunnel
under the vpn group configuration. This allows you to
terminate the vpn then redirect web traffic back out of
the interface. I wonder if this will act in the same way
when redirecting back over a vpn connection?

Brett

---- original message ----

>
>If I understand you correctly you are trying to get the
PIX to redirect a
>VPN connection out the sam interface it came in on.
>From my experience you
>cannot do this unless you terminate the VPN inside the
PIx and get it routed
>back out through the PIX. This was some time ago.
>
>
>-----Original Message-----
>From: blewis@btconnect.com
[mailto:blewis@btconnect.com]
>Sent: Wednesday, June 26, 2002 1:23 PM
>To: 'ccielab@groupstudy.com'
>Subject: PIX to VPN 3000 Client Configuration
>
>
>Hi Group,
>
>I have an interesting problem with a pix that is
>configured to accept a VPN connection from a remote
>site and from the VPN 3000 client. I cannot get to the
>remot site from a VPN client that is connected to the
>PIX. I can access everything on the LAN interface on
the
>PIX but nothing on the remote network.
>
>I have been told by somebody that you cannot go in
>and out on the same PIX interface, is this true? If not
I
>will post the configuration files for you guys to have a
>browse through.
>
>Many Thanks
>
>Brett Lewis

• Next message: Katson Yeung: "RE: 7507 channel-group support BVI or not?"
• Previous message: Chuck Church: "RE: 7507 channel-group support BVI or not?"
• Maybe in reply to: blewis@xxxxxxxxxxxxx: "PIX to VPN 3000 Client Configuration"
• Next in thread: Michael Popovich: "RE: PIX to VPN 3000 Client Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:43 GMT-3