<div>
I strongly suggest you stay away from pdm as it doesn't work as good as command line. You can also paste commands directly into the pdm console<br />
<br />
Follow steps from this link<br />
<a href="http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html" rel="ugc">http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/basclnt.html</a><br />

</div>


<div>
What version PIX? If using 6.x you cannot do it without split-tunneling. You have to be running 7.x or above.<br />

</div>


<div>
If you have enough RAM/Flash I highly recommend upgrading your PIX to the latest version (8.0.4). If not enough for 8.x, then at least upgrade to 7.x.<br />
This will enable this feature and also provide you with more modern features and a more secure platform.<br />

</div>


<div>
thanks a lot for the info. I am not a full time pix guy but have experienced a few issues with PDM, and have upgraded a couple of boxes to support ASDM sometime ago, which works better, but its about finding downtime to do it. <br />
<br />
According to lrmoore can this be certinaly done with Version 7, and possibly runing with ASDM. <br />
<br />
RPPreacher mentioned Echo, but did not clarify, is there a solution without upgrading the box.<br />
<br />
If possible I prefer to do this without having to stroll thru endless commands. I have always appreciated the solid performance of Pixes. Unfortunate that there are no better GIU support to help busy life of today's admins who has to deal with 100s of different systems everyday. <br />
<br />
Cisco PIX Firewall Version 6.3(1)<br />
Cisco PIX Device Manager Version 3.0(1)
</div>


<div>
I was saying lrmoore is right.<br />
<br />
Here's the upgrade procedure, step by step<br />
<a href="http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml" rel="ugc">http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00804708d8.shtml</a>
</div>


<div>
ok, thanks :), thought that was some workaround using a command.
</div>


<div>
in fact, could someone tell me the steps for doing this using Pix 7, so that I can try it on a different box before bringing down the one in question. That's my last request.<br />
<br />

</div>


<div>
The above link was for upgrading 6.x to 7.x.
</div>


<div>
I still say go ahead and upgrade to the latest - 8.0.4 and ASDM 6.1.3<br />
New features and security patches.<br />

</div>


<div>
Thanks Gents.<br />
<br />
Just to clarify, I'm after a link or steps for setting up default gateway after upgrading to Pix 7. <br />
<br />
Not for upgrading itself.<br />
<br />
I have another box (running 7.04 and ASDM 5.04) on which I want to test this before upgrading.<br />
<br />

</div>


<div>
ooohhh. if you mean the default gateway for you to get out to the internet it is simply:<br />
<br />
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY_IP 1<br />
where DEFAULT_GATEWAY_IP = your ISP default gateway!<br />

</div>


<div>
Wait - you mean for remote VPN users don't you.<br />
The thing is that this cannot be done easily in the old software. You must upgrade if you want this to be simple and secure.<br />

</div>


<div>
6.x just won't do it. Upgrade to 8 if you've got enough flash/RAM. <br />

</div>


<div>
lrmoore's config lines look good and will do it but you must upgrade as stated.<br />

</div>


<div>
<blockquote>
Just make sure you use the NAT command and not static - statics will the FORCE all traffic through where you say and you won't be able to access either the web or internal resources.<br />

</blockquote>
</div>


<div>
<div class="content wysiwyg-content">
Using Cisco VPN client we are establishing a secure IPSEC connection to a PIX box. We want the remote users to then (i.e when on the VPN) to browse the internet. We dont want to use split tunnelling. <br />
<br />
Could someone tell us how to setup the default gateway paramter on the pix box so that it is the same as any client within the LAN. I undersatand the overhead of doublde bandwidth but this is ok.<br />
<br />
Please provide instructions to use PDM.
</div>
</div>


Using Cisco VPN client we are establishing a secure IPSEC connection to a PIX box. We want the remote users to then (i.e when on the VPN) to browse the internet. We dont want to use split tunnelling. 

Could someone tell us how to setup the default gateway paramter on the pix box so that it is the same as any client within the LAN. I undersatand the overhead of doublde bandwidth but this is ok.

Please provide instructions to use PDM.

Pix Default Gateway

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Internet Protocol Security (IPsec) is a protocol suite for secure Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session. IPsec can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host). IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite.

Internet Protocol Security

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.