Posted by William L. Sun on March 15, 2005, 8:44 pm
It is true that "PIX will not allow you to route out the same interface the
encrypted packet came in on". The only thing you can do is to let the VPN
client use a proxy server.
> Hello,
>
> I have a PIX 525e that is my company's firewall and VPN (for remote site
> connectivity). Today, I configured it to do PPTP for some of our employees
> hoping to get away from the MS PPTP server. I noticed today while testing
> the configuration that I could not get to the Internet when using PPTP.
> Now, I know I can configure it to do "split tunneling" however, I do not
> wish to do split tunneling (long story, not my choice).
>
> I read a post from some news group that the PIX will not allow you to route
> out the same interface the encrypted packet came in on. In other words the
> "outside" interface is the PPTP tunnel end point and I can not route (the
> client using PPTP) the packet out into the Internet (also the outside
> interface). I can only use it to connect to internal PCs.
>
> Is this true?
> Is there any workaround?
> If I used a router for PPTP could I get around this?
>
> P.S. I know PPTP sucks (that also is not my choice)
>
> Michael