Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco Pix to Pix VPN with 4.x VPN Client

Posted on 2006-06-21
3
Medium Priority
?
328 Views
Last Modified: 2010-03-19
I have two offices, A & B that are connected through a Pix-to-Pix VPN.  All traffic runs great through this.  I have VPN client access at each of these Pixes as well, can connect to either A or B and see the local network.  I need to provide access for users to connect with a client VPN to office A and be able to access resources in office B.  When a user is connected the the VPN, they must not have access to the Internet.  Any insight on this would be great.

Thanks


VPN CLIENT ------ Office A ---------- Office B --------- VPN CLIENT
0
Comment
Question by:netspheretech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 16957166
I had to set this up recently.

Here's basically what you do.

First, set up your PIX-to-PIX VPN tunnel (if it isn't already set up - sounds like it is).  If it isn't, then a great doc is here:
http://www.cisco.com/warp/public/110/38.html

After this is set up, then you can do the client tunnels.  Here's the article I used to set up mine:
http://www.cisco.com/warp/public/110/pixpixvpn.html

Let me know what you think.

<-=+=->
0
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 16957185
Oh, yeah... one more thing.

Regarding not allowing them to access the internet.

That's going to be configured on whichever PIX they're connecting to with their VPN client.  To really help, I think I need more clarification on what you're trying to do there.

If, for example, you want them to access the internet only through your LAN (via the VPN), you can pretty much leave everything alone.
If, however, you want them to access the internet through THEIR network and not the VPN, then you have to configure Split Tunneling.
If, on the other hand, you don't want them to access the internet at all, then you'll have to manage that with your ACL.

Hope that helps.

<-=+=->
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 2000 total points
ID: 16957655
Take a peek into this post;

http://www.experts-exchange.com/Networking/Microsoft_Network/Q_21892134.html

Question 1: Disable internet access when they are connected ( I presume that you mean their local vpn connection).

In this case, remove the split tunneling and then all the connections will go through your VPN sessions; no vpn-group <group> split <acl-name>

Question 2: Connect to A and access B also.

To make a U-turn like this you need to have 7.0 version of the software which I assume you don't have right now. It is not possible, sorry!

Cheers,
Rajesh
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question