From: mohnkern on 24 Aug 2006 13:35

Having a weird problem. We've got a person who is VPNing into our PIX firewall, and they can then connect to any server inside the firewall, but cannot connect to anything outside the firewall. I'm sure it's an easy configuration issue; I just haven't dealt with the VPN side of PIX firewalls before.
From: Chad Mahoney on 24 Aug 2006 14:47

mohnkern(a)gmail.com wrote:
> Having a weird problem. We've got a person who is VPNing into our PIX
> firewall, and they can then connect to any server inside the firewall,
> but cannot connect to anything outside the firewall. I'm sure it's an
> easy configuration issue, just haven't dealt with the VPN side of PIX
> firewalls before.

Google split tunneling

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080172787.html
From: Walter Roberson on 24 Aug 2006 14:47

In article <1156440911.124941.32970(a)75g2000cwc.googlegroups.com>, <mohnkern(a)gmail.com> wrote:
> Having a weird problem. We've got a person who is VPNing into our PIX
> firewall, and they can then connect to any server inside the firewall,
> but cannot connect to anything outside the firewall. I'm sure it's an
> easy configuration issue, just haven't dealt with the VPN side of PIX
> firewalls before.

You need to use the split-tunnel clause in your vpngroup configuration. The ACL you name there should match all the traffic that *should* go through the VPN, and should be in the same source/destination order as you would use for a crypto map.

Note that the security implications of this should be considered. If someone takes over the remote computer, such as via a virus or trojan, then if you allow their system to talk to the outside world at the same time you allow them to connect to your inside, someone remotely could use their active connection to real-time remotely control their system in order to get at your LAN.
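As an added illustration of the split-tunnel clause Walter describes (this is example configuration written for this page, not a snippet posted by anyone in the thread), the PIX 6.x fragment below assumes an inside LAN of 10.0.0.0/24, a VPN client address pool of 10.200.0.0/24, and a vpngroup named remoteusers; all three names and ranges are made up for the example. The ACL is written with the inside network as source and the client pool as destination, the same order a crypto map ACL uses.

```cisco
! Client address pool handed out to remote-access VPN users (constructed value)
ip local pool vpnpool 10.200.0.1-10.200.0.254

! Split-tunnel ACL: only traffic between the inside LAN (source) and the
! client pool (destination) is sent through the tunnel. Anything not matched
! here leaves the remote PC directly via its local Internet connection.
access-list split_tunnel_acl permit ip 10.0.0.0 255.255.255.0 10.200.0.0 255.255.255.0

! Exempt inside-to-client traffic from NAT so replies return through the tunnel
access-list nonat permit ip 10.0.0.0 255.255.255.0 10.200.0.0 255.255.255.0
nat (inside) 0 access-list nonat

! Tie the split-tunnel ACL to the vpngroup the remote user connects with
vpngroup remoteusers address-pool vpnpool
vpngroup remoteusers split-tunnel split_tunnel_acl
```

Keep the split-tunnel ACL as narrow as the job allows: every subnet listed there is reachable from a client that, as Walter points out, simultaneously has an unprotected path to the Internet, so listing only the inside subnets the user actually needs limits what a compromised client could reach through the tunnel.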