Firewall Wizards mailing list archives

RE: Pix VPN endpoint and split-tunnel


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 26 Oct 2005 16:49:35 -0400

-----Original Message-----
Subject: Re: [fw-wiz] Pix VPN endpoint and split-tunnel

> Not being a PIX admin, I didn't want to jump on this thread.  I know that
> the contivity VPN gateways/clients that we use can be configured to not
> allow split-tunneling, and assumed pix could do the same.

Yes they can.  The issue is (at least through PIX OS 6.x) that full-tunnel
clients cannot access the Internet if that's how they came in because the
PIX won't pass a packet back out of the same interface it arrived inbound
on.  But it seems as though PIX OS 7.0 addresses this issue, probably due in
no small part to popular demand.


PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

