Thanks to people here help me. more one question

[Oh]

Hi.
many people at here give me lots of help. thanks!

I have a question more:
I plan setting my central PIX at my office and other 3 PIXs at branch office. I set them as the cisco doc "pix to pix to pix--hub and spoke".
My question is, I need config the central PIX as a Cisco VPN client 3.5 access server who people can access via vpn client. should I config the split tunnel for the new vpn tunnel?

thanks!

 

[sunyasee]

The split tunnel command splits the tunnel, therefore allowing you access to the local network and the remote network at the same time. Without split tunnel the VPN client creates a tunnel that only permits access from your machine to the remote network. So you won't be able to access local resources and browse the web etc whilst your connected to the Pix. If your clients are connecting from their home machines over dialup then split-tunnel isn't really required. If the client machines are connecting from another network to the PIX then I recommend you use split-tunnel.

I hope this makes sense!

----

Sunyasee B-)

 

[stakano]

As a recommendation of 'good security practice', turn off split-tunneling to prevent the general Internet from accessing the VPN back to the head location, if there was ever an intrusion.