quickconnect
IS-IT--Management
I have a couple of questions that I need assistance with.
I am currently doing a site-2-site VPN using a Cisco Pix 501 to a Cisco VPN 3000 Concentrator. Everything works fine, but the problem that I have now is that when a user behind the Pix tries to go to a website they are prompted for a proxy username/password from our corporate proxies, which is good, but if we add a site in the IE browser exceptions list and the user tries to go to that site, the Pix Firewall will drop it. My understanding of the reason is that my firewall allows all traffic from the inside/outside but only to the 1.x.x.x corporate network; since that exception in IE is not a 1.x.x.x site, the firewall tries to push this traffic outside the VPN tunnel right to the outside interface, which is "DENIED". This is causing me some headaches because I have a few sites that need to access these various sites. Is there a way, without allowing split tunneling, to force only certain IPs or sites to bypass the tunnel right out to the internet and tunnel everything else?
My current workaround is to remove the site/s from the Proxy exception list in IE so that they are forced to ask the Proxy Server for access. This is not a practical solution corporate-wide, but a temp fix for these few smaller sites.
Is there a way to do this???