PPTP Client --> PIX 515 R ---> PAT ---> INET

[benjamin7062]

Hello --

The PPTP logins work fine, I can see my private network fine, and everything SEEMS great... Only, when a user is VPN'ing into our network, they can't browse the web or anything of that nature. Is there any way around this _without_ setting up a proxy? How can I get the PIX to do a PAT for the VPN also?

Thanks for any help!

Benjamin

 

[Bluecrack]

The command you are searching for is

vpngroup split-tunnel

However, I was never able to get it to work with PPTP. I am pretty sure I was told it would not work with PPTP. It does work for sure with the new VPN 3.0 client and PIX version 6.01.

What I ended up doing was writing a batch file (for Windows 2000) that did the following:
1. After the connection was started, it saved the ISP's default gateway
2. Determined the dynamic PPTP IP address.
2. Setup static routes on the PC to all my subnets using the PPTP IP address
3. Set the default route back to the default gateway provided by the user's ISP.

This effectively allowed all traffic to my network to be encrypted and all other traffic to go straight to the internet.

Jason