Hello,
I have a customer who wants to give their employees the ability to surf the web while they have a secure tunnel to the office from their home computers and laptops.
I have configured the Pix per instructions I found on the web, but can't seem to make it work. I can access the data on the fileserver with no problem from outside the workplace via VPN Client 5.0. However, I have no success surfing the web while connected with the VPN Client. I have checked "allow local LAN access" on the transport tab of the properties page.
Below is my Pix configuration. I would apreciate some input on how to accomodate my client.
Thanks in advance,
Buck
PIX Version 6.3(5) interface ethernet0 auto interface ethernet1 100full nameif ethernet0 outside security0 nameif ethernet1 inside security100 enable password nRE3ObpS3sHlWw5g encrypted passwd hbpaaP9kCkRr0dXu encrypted hostname pixfirewall domain-name xxxxxxxxxxx.com fixup protocol dns maximum-length 512 fixup protocol ftp 21 fixup protocol h323 h225 1720 fixup protocol h323 ras 1718-1719 fixup protocol http 80 fixup protocol rsh 514 fixup protocol rtsp 554 fixup protocol sip 5060 fixup protocol sip udp 5060 fixup protocol skinny 2000 fixup protocol smtp 25 fixup protocol sqlnet 1521 fixup protocol tftp 69 names access-list inside_outbound_nat0_acl permit ip any 192.168.9.0
255.255.255.240 access-list outside_cryptomap_dyn_20 permit ip any 192.168.9.0 255.255.255.240 access-list split permit ip any 192.168.9.0 255.255.255.240 pager lines 24 mtu outside 1500 mtu inside 1500 ip address outside xxx.xxx.xxx.xxx 255.255.xxx.xxx ip address inside 192.168.1.1 255.255.255.0 ip audit info action alarm ip audit attack action alarm ip local pool xx 192.168.9.5-192.168.9.14 pdm logging informational 100 pdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_outbound_nat0_acl nat (inside) 1 0.0.0.0 0.0.0.0 0 0 route outside 0.0.0.0 0.0.0.0 75.146.156.194 1 timeout xlate 0:05:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00 timeout sip-disconnect 0:02:00 sip-invite 0:03:00 timeout uauth 0:05:00 absolute aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ max-failed-attempts 3 aaa-server TACACS+ deadtime 10 aaa-server RADIUS protocol radius aaa-server RADIUS max-failed-attempts 3 aaa-server RADIUS deadtime 10 aaa-server LOCAL protocol local http server enable http 192.168.1.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server community public no snmp-server enable traps floodguard enable sysopt connection permit-ipsec crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5 crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside isakmp enable outside isakmp nat-traversal 1200 isakmp policy 20 authentication pre-share isakmp policy 20 encryption 3des isakmp policy 20 hash md5 isakmp policy 20 group 2 isakmp policy 20 lifetime 86400 vpngroup xxxxxxx address-pool xx vpngroup xxxxxxxx split-tunnel split vpngroup xxxxxxx idle-time 1800 vpngroup xxxxxxxx password ******** telnet timeout 5 ssh 0.0.0.0 0.0.0.0 outside ssh 192.168.1.0 255.255.255.0 inside ssh timeout 5 console timeout 0 dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx dhcpd lease 3600 dhcpd ping_timeout 750 dhcpd auto_config outside dhcpd enable inside terminal width 80 Cryptochecksum:9b914428de0cbabf1d0a5d41c594b553 : end [OK] pixfirewall(config)#