[VPN] Re: PIX VPN - Local LAN Access

Dana J. Dawson djdawso at qwest.com
Fri Mar 7 11:27:23 EST 2003

You need to use the "vpngroup split-tunnel 


Good luck!


John Spanos wrote:

>Hi Folks,
>           I have implemented a Remote Access VPN using a PIX and the Cisco
>VPN Client 3.6.  The only problem I am having is that users can't see their
>local LAN while connected to the VPN.  I know the setting on the client
>needs to be enabled, which I have done but still nothing.  From Cisco's
>limited documentation it appears as though something needs to be configured
>on the PIX as well.  The only reference to this in Cisco documentation is
>regarding the VPN Concentrator and explains how to do it using the GUI Tools
>of the Concentrator.  The only problem is that I don't know how to do it
>using the command line on the PIX.
>As the VPN is in production, I don't want to mess too much with it so this
>is why I am looking for anyone who has done this to point me in the right
>direction.  Is 'Allowing Local LAN Access' the same as split tunnelling.  If
>it is, then can I allow using an ACL and deny statements.  The documentation
>says that you should put access-list permits for networks that should have
>encrypted traffic sent to them, but then all other traffic may flow
>unencrypted, which is against company policy.  If I put specific deny
>statements then can I allow unencrypted traffic ONLY to a specific network?
>If anyone could shed some light on this issue I would be very appreciative.
>John Spanos.
>VPN mailing list
>VPN at lists.shmoo.com

Dana J. Dawson                     djdawso at qwest.com
Senior Staff Engineer              CCIE #1937
Qwest Communications               (612) 664-3364
600 Stinson Blvd., Suite 1S        (612) 664-4779 (FAX)
Minneapolis  MN  55413-2620

"Hard is where the money is."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20030307/8a24b94a/attachment.htm 

More information about the VPN mailing list