VPN client and accessing the internet

[stooo]

I have a working vpn client, which once connected assigns a private 192.168 ip address

I can connect to internal servers, but not out to the internet. I get a log saying there is no route. How do I fix this?

Cheers

Stu

 

[ermora]

stooo,
Can you post your PIX model, IOS version and VPN Client version.

From what I know, pre IOS v6.3(2), you cannot provide internet access to a VPN Client unless you use a PROXY within the network the VPN Client comes into. The PROXY will "request" the webpage and "foward" it to the VPN Client. In this manner the VPN Client never uses it's own connection to access the internet.

Is this available in later, post IOS v6.3(2), I'm not sure, maybe someone can shed some light on this.

 

[stooo]

Cisco PIX Firewall Version 6.3(4)
Its a 515
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Enabled
Maximum Physical Interfaces: 3
Maximum Interfaces: 5
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited

The proxy thing is a good idea, but not really an option in this case unfortunately

Thanks for you help

 

[sjjnks]

We tried to do the same thing only site-to-site VPN. Cisco said it can't be done cuz traffic is basically coming in (via the tunnel) and going out (to the internet) on the same interface.

Your 515 should have a slot for a third interface. Or you proxy as ermora said, since traffic passes all the way through the PIX to a device inside, then goes back through it again.

I don't know of any other way to do it.

 

[Zahundas]

If I remember correctly there is a feature called "Split tunneling" that can be enabled to allow access to both the VPN tunnel and the internet at the same time. I will look into it and let you know.

Regards,
Zahundas