Re: Surfing the internet WHILST using a VPN connection (PIX 513)



I don't have any experience with the Cisco VPN client, but most other
vendors' clients, such as Netscreen's, allow you to surf the Internet
locally using your ISP connection and send traffic over the VPN at the
same time.

They do this by routing traffic for the corporate IP range into a
virtual VPN Network Adapter and any other traffic to your Default
Gateway.

As IPSEC is a standard these clients should work with Cisco devices
too.

James

Joe.Mob...@xxxxxxxxxxxxxxxxxxx wrote:
Sorry yes I meant a PIX 515, not sure why I typed 513. Anyway I will
proceed to upgrade the IOS today. Thank you very much :)
Walter Roberson wrote:
In article <1156346702.896776.135390@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
amattina@xxxxxxxxxxxxxxx <amattina@xxxxxxxxx> wrote:

Joe.Mobley@xxxxxxxxxxxxxxxxxxx wrote:
I have a Cisco Pix 513. From the outside interface users VPN into the
network. Once on the network users wish to browse the internet. The
problem is the fact that the internet connection is out through the
same firewall they have just connected in through. Is it possible to
get this working at all??

Yes this should work. Can regular users inside this network browse the
Internet? Check your ruleset...

There is no PIX 513.

There is a PIX 515, and a re-spun version of that called the PIX 515E.
Both the 515 and 515E are able to run PIX 7.x. The desired behaviour
is possible in PIX 7.x, but only in cases (such as this one) where
at least one VPN is involved on the common interface.

In PIX 5 and 6.0 thru 6.2, the only way to do this involves using
a separate physical interface that is also connected to the ISP. This
requires either a distinct IP address range or else that the public
address range be subnetted (in which case a WAN router must also be
involved.)

In PIX 6.3, the 515 and 515E gain the ability to add 802.1Q VLANs
onto physical interfaces, and to treat the VLANs as logical interfaces.
This would allow a setup similar to PIX 5 or 6.0/6.1/6.2, except
without needing a separate physical interface... provided that there
is a WAN router and it handles 802.1Q VLAN trunking.
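
The client-side routing described at the top of this message (corporate range into the virtual VPN adapter, everything else to the default gateway) can be checked from a client's route table. The following is an added example, not part of the original posts; the interface names, prefixes, gateway addresses and the full-tunnel table are constructed for illustration.

```python
import ipaddress

# Constructed split-tunnel table: (prefix, gateway, interface).
SPLIT = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),        # ISP default gateway
    ("192.168.1.0/24", None, "eth0"),            # local LAN
    ("10.20.0.0/16", None, "vpn0"),              # corporate range -> virtual VPN adapter
    ("203.0.113.10/32", "192.168.1.1", "eth0"),  # VPN gateway itself stays outside the tunnel
]

# Constructed full-tunnel table: two /1 routes on the VPN adapter override
# the ISP default route without deleting it.
FULL = [
    ("0.0.0.0/0", "192.168.1.1", "eth0"),
    ("0.0.0.0/1", None, "vpn0"),
    ("128.0.0.0/1", None, "vpn0"),
    ("192.168.1.0/24", None, "eth0"),
    ("203.0.113.10/32", "192.168.1.1", "eth0"),
]

def select_route(routes, dest):
    """Return the longest-prefix-match route for dest, or None if unroutable."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(p), gw, ifc) for p, gw, ifc in routes
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def egress_interface(routes, dest):
    """Interface the client would use to reach dest."""
    route = select_route(routes, dest)
    return route[2] if route else None

def bypassing(routes, dests, vpn_if="vpn0"):
    """Destinations that leave the client outside the VPN adapter."""
    return [d for d in dests if egress_interface(routes, d) != vpn_if]

if __name__ == "__main__":
    probes = ["10.20.5.9", "198.51.100.7"]  # corporate host, Internet host
    for name, table in (("split", SPLIT), ("full", FULL)):
        print(name, {d: egress_interface(table, d) for d in probes},
              "bypass:", bypassing(table, probes))
```

With the split table, Internet destinations never reach the firewall, so they are not subject to its ruleset or logging; with the full table they arrive over the VPN and must be turned back out the same interface, which is the case the quoted reply discusses.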
