[VPN] Re: PIX VPN - Local LAN Access

Pete Davis pete at ether.net
Fri Mar 7 10:53:07 EST 2003


The Local LAN access feature isn't supported in conjunction with the PIX.
You are able to use the split tunneling feature.

Local LAN gives a user only access to a specific LAN network and everything
else goes through the tunnel. Split tunneling sends only tunneled networks
over the VPN connection and everything else goes directly to the Internet.

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_data_sheet09186a008011c35b.html

See Remote Access Feature Comparison Chart for features supported on the PIX.


On Fri, Mar 07, 2003 at 10:35:01AM +1100, John Spanos wrote:
> Hi Folks,
> I have implemented a Remote Access VPN using a PIX and the Cisco
> VPN Client 3.6.  The only problem I am having is that users can't see their
> local LAN while connected to the VPN.  I know the setting on the client
> needs to be enabled, which I have done but still nothing.  From Cisco's
> limited documentation it appears as though something needs to be configured
> on the PIX as well.  The only reference to this in Cisco documentation is
> regarding the VPN Concentrator and explains how to do it using the GUI Tools
> of the Concentrator.  The only problem is that I don't know how to do it
> using the command line on the PIX.
> 
> As the VPN is in production, I don't want to mess too much with it so this
> is why I am looking for anyone who has done this to point me in the right
> direction.  Is 'Allowing Local LAN Access' the same as split tunnelling?  If
> it is, then can I allow using an ACL and deny statements?  The documentation
> says that you should put access-list permits for networks that should have
> encrypted traffic sent to them, but then all other traffic may flow
> unencrypted, which is against company policy.  If I put specific deny
> statements then can I allow unencrypted traffic ONLY to a specific network?
> If anyone could shed some light on this issue I would be very appreciative.
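
The routing difference between Local LAN access and split tunneling described in the reply above, modelled as an added example that is not part of the original thread or any Cisco code. The networks, addresses and the names `route` and `policy_violations` are constructed for illustration.

```python
import ipaddress

# Constructed sample values (not from the thread).
CORP_NETS = [ipaddress.ip_network("10.1.0.0/16")]   # networks reached through the VPN
LOCAL_LAN = ipaddress.ip_network("192.168.1.0/24")  # the user's own LAN
DESTINATIONS = ["10.1.5.20", "192.168.1.50", "198.51.100.7"]

def route(dst, mode):
    """Return 'tunnel' or 'clear' for one destination under a client mode."""
    ip = ipaddress.ip_address(dst)
    if mode == "split-tunnel":
        # Only the listed networks are encrypted; all else leaves directly.
        return "tunnel" if any(ip in net for net in CORP_NETS) else "clear"
    if mode == "local-lan":
        # Only the local LAN is exempt; all else is forced into the tunnel.
        return "clear" if ip in LOCAL_LAN else "tunnel"
    raise ValueError(f"unknown mode: {mode}")

def policy_violations(mode, destinations=DESTINATIONS):
    """Destinations sent unencrypted that are NOT on the local LAN.

    Models the policy in the question: clear traffic only to one network.
    """
    return [d for d in destinations
            if route(d, mode) == "clear"
            and ipaddress.ip_address(d) not in LOCAL_LAN]

if __name__ == "__main__":
    for mode in ("split-tunnel", "local-lan"):
        for dst in DESTINATIONS:
            print(f"{mode:12} {dst:15} -> {route(dst, mode)}")
        print(f"{mode:12} violations: {policy_violations(mode)}")
```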


