Internet Traffic across VPN

[mjr593]

Not sure if this can be done, but I'm attempting to send all internal Internet traffic across a PIX to PIX vpn. I tried url filtering but as we don't have a proxy or websense server it didn't appear to work.

Any ideas???

 

[themut]

The PIX is not able to route packets back on the same interface they arrive so what you are tryind to do is not possible unless you have a proxy server on the other side of the tunnel and you forward Internet traffic to this proxy.

 

[mjr593]

Again, not sure, but it's not from the same interface, the internal users are browsing the Internet via the DSL line, but i would prefer it if they were going across the VPN as their is web filtering software on the other network.

Thanks.

 

[themut]

When you send Internet traffic accross a VPN to the head end PIX it reaches this PIX´s outside interface. The PIX decrypts the packet and it finds out it is destined for the Internet, as the Internet is on the outside of this PIX it drops the packet since it cannot route packets back on the same interface they arrived. You would need a proxy server behind the head end PIX to overcome this limitation. Hope it makes sense!

 

[mjr593]

I understand now.

Thanks for your help.

MJR.