[VPN] Re: PIX VPN - Local LAN Access

Pete Davis pete at ether.net
Fri Mar 7 10:53:07 EST 2003

The Local LAN access feature isn't supported in conjunction with the PIX.
You are able to use the split tunneling feature.

Local LAN gives a user only access to a specific LAN network and everything
else goes through the tunnel. Split tunneling sends only tunneled networks
over the VPN connection and everything else goes directly to the Internet.


See Remote Access Feature Comparison Chart for features supported on the PIX.

On Fri, Mar 07, 2003 at 10:35:01AM +1100, John Spanos wrote:
> Hi Folks,
>            I have implemented a Remote Access VPN using a PIX and the Cisco
> VPN Client 3.6.  The only problem I am having is that users can't see their
> local LAN while connected to the VPN.  I know the setting on the client
> needs to be enabled, which I have done but still nothing.  From Cisco's
> limited documentation it appears as though something needs to be configured
> on the PIX as well.  The only reference to this in Cisco documentation is
> regarding the VPN Concentrator and explains how to do it using the GUI Tools
> of the Concentrator.  The only problem is that I don't know how to do it
> using the command line on the PIX.
> As the VPN is in production, I don't want to mess too much with it so this
> is why I am looking for anyone who has done this to point me in the right
> direction.  Is 'Allowing Local LAN Access' the same as split tunnelling?  If
> it is, then can I allow using an ACL and deny statements?  The documentation
> says that you should put access-list permits for networks that should have
> encrypted traffic sent to them, but then all other traffic may flow
> unencrypted, which is against company policy.  If I put specific deny
> statements then can I allow unencrypted traffic ONLY to a specific network?
> If anyone could shed some light on this issue I would be very appreciative.
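
The split tunneling behaviour described in the reply, shown as a PIX 6.x configuration fragment. This is an added example, not part of either message; the group name, ACL number, pool name and all addresses are constructed placeholders.

```cisco
!--- Constructed values: inside LAN 10.1.1.0/24, VPN client pool 10.1.2.0/24.
!--- ACL 101 names the traffic to encrypt: inside LAN <-> client pool.
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
!--- Exempt the tunneled traffic from NAT.
nat (inside) 0 access-list 101
ip local pool examplepool 10.1.2.1-10.1.2.254
vpngroup examplegroup address-pool examplepool
!--- With this line the client tunnels only the networks permitted by ACL 101;
!--- every other destination is reached directly, unencrypted.
!--- Without it, the client sends all of its traffic through the tunnel.
vpngroup examplegroup split-tunnel 101
```

Where policy forbids unencrypted traffic from connected clients, the `split-tunnel` line is the setting to audit for in each `vpngroup`.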
