[VPN] Re: PIX VPN - Local LAN Access
Dana J. Dawson
djdawso at qwest.com
Fri Mar 7 11:27:23 EST 2003
You need to use the "vpngroup split-tunnel
John Spanos wrote:
> I have implemented a Remote Access VPN using a PIX and the Cisco
>VPN Client 3.6. The only problem I am having is that users can't see their
>local LAN while connected to the VPN. I know the setting on the client
>needs to be enabled, which I have done but still nothing. From Cisco's
>limited documentation it appears as though something needs to be configured
>on the PIX as well. The only reference to this in Cisco documentation is
>regarding the VPN Concentrator and explains how to do it using the GUI Tools
>of the Concentrator. The only problem is that I don't know how to do it
>using the command line on the PIX.
>As the VPN is in production, I don't want to mess too much with it so this
>is why I am looking for anyone who has done this to point me in the right
>direction. Is 'Allowing Local LAN Access' the same as split tunnelling? If
>it is, then can I allow using an ACL and deny statements? The documentation
>says that you should put access-list permits for networks that should have
>encrypted traffic sent to them, but then all other traffic may flow
>unencrypted, which is against company policy. If I put specific deny
>statements then can I allow unencrypted traffic ONLY to a specific network?
>If anyone could shed some light on this issue I would be very appreciative.
>VPN mailing list
>VPN at lists.shmoo.com
Dana J. Dawson djdawso at qwest.com
Senior Staff Engineer CCIE #1937
Qwest Communications (612) 664-3364
600 Stinson Blvd., Suite 1S (612) 664-4779 (FAX)
Minneapolis MN 55413-2620
"Hard is where the money is."