Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

split tunnel or reverse split tunnel 2

Status
Not open for further replies.
cambo2k

cambo2k

MIS
Feb 7, 2001
111
CA
I am fairly new to PIX firewalls and am hoping someone can help me out.
I have a remote site with a PIX 501 that creates a VPN tunnel into our data centre Cisco 3000 series.
All of my internet traffic from the machines behind the PIX is sent through my Proxy
>url-server (outside) vendor websense host 10.x.y.z timeout 5 protocol TCP version 1
>http server enable
On site they have a specific application that requires access to the internet for live data from a 3rd party company.
I was hoping that either a split tunnel (or reverse) would work to not have this internet traffic go out the PIX to the data centre and then back to the client.
I would like to allow traffic to that specific IP address to go right out to the internet by passing the tunnel and reducing the traffic on the VPN.
The PIX 501 is not being used as a DHCP device as there is a server behind the PIX for that.
So the real questions are: can this be done? and if this can be done do you have an example that you could share with me so i can understand how this is done.
Thanks!
CS
 
Sort by date Sort by votes
You can do lot of things with PIX.
Can you give us more infos about your topology?
I don't know cisco 3000, i work with cisco ASA, reverse split tunnel work great ;)
you specify networks or hosts allowed to go out (no through VPN).

PIX 501/515
ASA 5510
 
Upvote 0 Downvote
Check out the EzVPN feature on the PIX.

Makes VPN life simpler..


BuckWeet
 
Upvote 0 Downvote
Topology: Cisco 3000 series VPN concentrator to authenticate users of the VPN client and PIX devices from our remote sites.
PIX501 in smaller remote locations that I want all internet traffic pushed out through the VPN except one or 2 sites that are high bandwith and i would like them to go right out the internet connection.

I will also check out the EzVPN feature on the PIX.

Thanks!
 
Upvote 0 Downvote
Exclude that traffic from the crypto ACL on the Pix. Only traffic which matches the ACL is tunneled.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
798
Johnkite
Johnkite
Russtoleum
  • Locked
  • Question
SW GVC won't route traffic through sonicwall to offsite tunnel unless it leases an ip on the same su
Replies
1
Views
277
Russtoleum
Russtoleum
steve56k
  • Locked
  • Question
Number of connections for VPN tunnel
Replies
0
Views
153
steve56k
steve56k
steve56k
  • Locked
  • Question
VPN Tunnel will not start
Replies
0
Views
199
steve56k
steve56k
Russtoleum
  • Locked
  • Question
custom VPN Tunnel not appearing when trying to add route
Replies
1
Views
228
jcarmichael1203
jcarmichael1203

Part and Inventory Search

Sponsor

Back
Top