netspheretech
asked on
Cisco Pix to Pix VPN with 4.x VPN Client
I have two offices, A & B that are connected through a Pix-to-Pix VPN. All traffic runs great through this. I have VPN client access at each of these Pixes as well, can connect to either A or B and see the local network. I need to provide access for users to connect with a client VPN to office A and be able to access resources in office B. When a user is connected the the VPN, they must not have access to the Internet. Any insight on this would be great.
Thanks
VPN CLIENT ------ Office A ---------- Office B --------- VPN CLIENT
Thanks
VPN CLIENT ------ Office A ---------- Office B --------- VPN CLIENT
Oh, yeah... one more thing.
Regarding not allowing them to access the internet.
That's going to be configured on whichever PIX they're connecting to with their VPN client. To really help, I think I need more clarification on what you're trying to do there.
If, for example, you want them to access the internet only through your LAN (via the VPN), you can pretty much leave everything alone.
If, however, you want them to access the internet through THEIR network and not the VPN, then you have to configure Split Tunneling.
If, on the other hand, you don't want them to access the internet at all, then you'll have to manage that with your ACL.
Hope that helps.
<-=+=->
Regarding not allowing them to access the internet.
That's going to be configured on whichever PIX they're connecting to with their VPN client. To really help, I think I need more clarification on what you're trying to do there.
If, for example, you want them to access the internet only through your LAN (via the VPN), you can pretty much leave everything alone.
If, however, you want them to access the internet through THEIR network and not the VPN, then you have to configure Split Tunneling.
If, on the other hand, you don't want them to access the internet at all, then you'll have to manage that with your ACL.
Hope that helps.
<-=+=->
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here's basically what you do.
First, set up your PIX-to-PIX VPN tunnel (if it isn't already set up - sounds like it is). If it isn't, then a great doc is here:
http://www.cisco.com/warp/public/110/38.html
After this is set up, then you can do the client tunnels. Here's the article I used to set up mine:
http://www.cisco.com/warp/public/110/pixpixvpn.html
Let me know what you think.
<-=+=->