VPN Cisco - no internet while on VPN

[zodiaczz]

Ok

I have an user that uses his Cisco Firewall Pix to do his VPN. Meaning his remote users use the CISCO VPN client to connect remotely to the network.

Right now when an user is using his/her VPN and is accessing the network they cant get on the Internet. I understand the concept of this since the VPN is using the Internet as its tunnel.

IS there a way to get around this so when users connect to the network via VPN they can access the internet. I know it isnt as secure but this client wants it anyway. They are talking about a HTTP Proxy.

Any ideas on how to conduct what this company wants?

Thanks

 

[KiscoKid]

You need to define split tunneling on the PIX. This allows you to control which traffic is encrypted and will use the tunnel and which traffic need not be encrpyted and is destined for the Internet.

The following URL talk more about split tunneling and how to configure it:

http://www.cisco.com/en/US/products...s_configuration_example09186a008046f307.shtml

 

[LincolnIT]

As KiscoKid stated you need to enable split tunneling on the pix. If your client has their vpn configured as vpngroups on the pix then it is very easy.

Create an acl for the split_tunneling ip address range then define split-tunnel for each vpngroup as shown in the example below.

For example:
Using PIX V6.2

pix(config)#access-list acl_tunnelsplit permit ip 192.168.1.0 255.255.255.0

pix(config)#vpngroup <groupname> split-tunnel acl_tunnelsplit

-The ITGuy

 

[willem05]

Hi,

Check the DNS settings of the VPN-server. Probably that is being pushed to the client and should not be valid automatically. We had the same problem. Put in at least 1 public DNS - server.

Hope you have succes..