Configure default gateway on Cisco secure ACS server.

Users try to dial up to the Internet. they go through a 2620 cisco router which is directly connected to a pix firewall (version6.1(2)). The pix is connected to the acs on ethernet port and to a 3550 cisco router which is the internal network on the serial port.I want the user to be able to connect to the internet through the internal network. This could be done if the user had the default gateway of the internal network. The  Firewall has VPN access for employees.  The VPN works ok, but the problem is, when connected to the VPN, clients can not access the internet, just the internal network.  All clients are running Windows XP, and I have tried changing the setting for using the the remote networks default gateway with no luck.  

Is there a way to set up the acs or pix to set the clients default gateway to our office's gateway when connected to the VPN?  

Thanks for your time.
stamkozAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lrmooreCommented:
G'day stamkoz
> The VPN works ok, but the problem is, when connected to the VPN, clients can
> not access the internet, just the internal network.
Working as designed if you are using Cisco IPSEC VPN client. You control this behavior on the PIX with the split-tunneling feature. VPN users can use their own Internet connection for normal internet traffic and the VPN for traffic to/from the corporate network. If you are using microsoft PPTP client, un-checking the box to use default gateway on remote network should permit them to use both their own Internet connection and the VPN to the company LAN at the same time.
Some people don't think this is the best idea, and want their VPN users to go back out through the corporate Internet connection to enforce local rules for VPN users' normal Internet browsing. Sorry, but you can't do that when terminating VPN on the PIX.

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
CleanupPingCommented:
stamkoz:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
lrmooreCommented:
points to lrmoore

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.