RE: PIX to VPN 3000 Client Configuration

From: Michael Popovich (m.popovich@xxxxxxxxx)
Date: Sat Jun 29 2002 - 04:30:53 GMT-3

• Next message: Gyori Gábor: "DLSW direct encapsulation on Frame Relay"
• Previous message: Dirar Hakeem: "IOS upgrade"
• Maybe in reply to: blewis@xxxxxxxxxxxxx: "PIX to VPN 3000 Client Configuration"
• Next in thread: P729: "Re: PIX to VPN 3000 Client Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
It is my understanding that split-tunneling allows you to specify what
traffic to encrypt and what traffic not to encrypt. That way web traffic
never goes across the tunnel and uses the remote users Internet
connection instead of the VPN. The PIX doesn't actually do any
redirection here, I don't think.

MP

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
blewis@btconnect.com
Sent: Thursday, June 27, 2002 12:55 PM
To: Larson, Chris (Contractor); 'blewis@btconnect.com';
'ccielab@groupstudy.com'
Subject: RE: PIX to VPN 3000 Client Configuration

there is a command you can use to split the tunnel
under the vpn group configuration. This allows you to
terminate the vpn then redirect web traffic back out of
the interface. I wonder if this will act in the same way
when redirecting back over a vpn connection?

Brett

---- original message ----

>
>If I understand you correctly you are trying to get the
PIX to redirect a
>VPN connection out the sam interface it came in on.
>From my experience you
>cannot do this unless you terminate the VPN inside the
PIx and get it routed
>back out through the PIX. This was some time ago.
>
>
>-----Original Message-----
>From: blewis@btconnect.com
[mailto:blewis@btconnect.com]
>Sent: Wednesday, June 26, 2002 1:23 PM
>To: 'ccielab@groupstudy.com'
>Subject: PIX to VPN 3000 Client Configuration
>
>
>Hi Group,
>
>I have an interesting problem with a pix that is
>configured to accept a VPN connection from a remote
>site and from the VPN 3000 client. I cannot get to the
>remot site from a VPN client that is connected to the
>PIX. I can access everything on the LAN interface on
the
>PIX but nothing on the remote network.
>
>I have been told by somebody that you cannot go in
>and out on the same PIX interface, is this true? If not
I
>will post the configuration files for you guys to have a
>browse through.
>
>Many Thanks
>
>Brett Lewis

• Next message: Gyori Gábor: "DLSW direct encapsulation on Frame Relay"
• Previous message: Dirar Hakeem: "IOS upgrade"
• Maybe in reply to: blewis@xxxxxxxxxxxxx: "PIX to VPN 3000 Client Configuration"
• Next in thread: P729: "Re: PIX to VPN 3000 Client Configuration"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:43 GMT-3