OK, I'm following up one at a time here. I will respond to the others as I
get to them.

In order for the person that is VPN'd to be able to surf the web, you
must do 1 of 2 things.

1) Enable split tunneling on the PIX (I think it's in 6.2(1), maybe
earlier). Doing it on just the client doesn't matter.

2) Have the user come into the PIX, and out another Internet connection.
The PIX doesn't allow hairpin routing, or traffic to come into 1 interface
(outside) and go back out that same interface on its way to the destination.


Thanks

Larry
 

-----Original Message-----
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 6:41 PM
To: 'Joshua Vince'; [EMAIL PROTECTED]; 'Roberts, Larry'
Subject: RE: more VPN fun... [7:58818]


hey guys,

i've got connectivity now.  thanks a bunch for all the help. 

however, per the diagram that josh sent the link for...

how can i now get the remote vpn client to go back out through the pix for
internet, if the PIX is the default gateway?  how does the client know *any*
gateway, for that matter?  it doesn't seem that there is a default route in
the pix config that would dictate such...

any ideas?

thanks

ed

-----Original Message-----
From: Joshua Vince [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 3:29 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: more VPN fun... [7:58818]


What's the client behind?  If it's behind a firewall, you need to make sure
that firewall allows UDP 500 and IP Protocol 50 (ESP) or IP Protocol 51
(AH), depending on which you are using.

Josh

-----Original Message-----
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 6:06 PM
To: Joshua Vince; [EMAIL PROTECTED]
Subject: RE: more VPN fun... [7:58818]


dude, good site.

i can't believe i couldn't find this doc.  this is exactly what i want to
do...

anyway, i got the client connected and stuff, but i can't access anything on
the lan...thanks for the config.  i can't seem to ping from the remote client
to any internal ip's...any ideas?  the "allow local lan access" line is
disabled in the statistics, though i have it enabled in the client...

i've checked and double-checked the pix config.  looks like the pix in the
guide...

thanks,

ed

-----Original Message-----
From: Joshua Vince [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 1:22 PM
To: Edward Sohn; [EMAIL PROTECTED]
Subject: RE: more VPN fun... [7:58818]


Just make sure that you use Group 2 in the isakmp policy, and the users will
connect.

Here is a great reference:

http://www.cisco.com/warp/customer/110/pixpixvpn.html

And it works...

Joshua R. Vince
MCSE MCP+I CCNP CCA CSS1
Network Engineering Supervisor
BCG Systems, Inc.
800-968-6661
mailto:[EMAIL PROTECTED]




-----Original Message-----
From: Edward Sohn [mailto:[EMAIL PROTECTED]] 
Sent: Monday, December 09, 2002 3:44 PM
To: [EMAIL PROTECTED]
Subject: more VPN fun... [7:58818]


anyone have any working configs of a PIX set up for a site-to-site IPSec
tunnel with another PIX (at a remote site), as well as set up for mobile
user VPN access (through dialup/dsl/cable/etc)?  the client will use secure
VPN client 3.0 for windows.

i have the docs from CCO, but someone told me that their config for the
remote user is wrong and does not work right.

appreciate your help.  please email me directly.

ed




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=58858&t=58818