Configure default gateway on Cisco secure ACS server.

Posted on 2003-03-24
Medium Priority
Last Modified: 2013-12-19
Users try to dial up to the Internet. they go through a 2620 cisco router which is directly connected to a pix firewall (version6.1(2)). The pix is connected to the acs on ethernet port and to a 3550 cisco router which is the internal network on the serial port.I want the user to be able to connect to the internet through the internal network. This could be done if the user had the default gateway of the internal network. The  Firewall has VPN access for employees.  The VPN works ok, but the problem is, when connected to the VPN, clients can not access the internet, just the internal network.  All clients are running Windows XP, and I have tried changing the setting for using the the remote networks default gateway with no luck.  

Is there a way to set up the acs or pix to set the clients default gateway to our office's gateway when connected to the VPN?  

Thanks for your time.
Question by:stamkoz
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 79

Accepted Solution

lrmoore earned 300 total points
ID: 8200100
G'day stamkoz
> The VPN works ok, but the problem is, when connected to the VPN, clients can
> not access the internet, just the internal network.
Working as designed if you are using Cisco IPSEC VPN client. You control this behavior on the PIX with the split-tunneling feature. VPN users can use their own Internet connection for normal internet traffic and the VPN for traffic to/from the corporate network. If you are using microsoft PPTP client, un-checking the box to use default gateway on remote network should permit them to use both their own Internet connection and the VPN to the company LAN at the same time.
Some people don't think this is the best idea, and want their VPN users to go back out through the corporate Internet connection to enforce local rules for VPN users' normal Internet browsing. Sorry, but you can't do that when terminating VPN on the PIX.


Expert Comment

ID: 9158243
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
Post your closing recommendations!  No comment means you don't care.
LVL 79

Expert Comment

ID: 9763234
points to lrmoore


Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question