>:>:> this is because when you are connected via VPN, all your connection will
>:>:> be tunneled back to PIX.
>
>:I have two very different networks inside (192, 172) and I doubt
>:with split tunneling that will work.
>
> Why not? I split tunnel to four different inside networks on our 525.
Well, of course I can do it, but the issue is, I'd rather have all traffic go through our 525 when they are in VPN mode, than half of it go through some public network somewhere in the world.
>:Plus I would rather see all traffic go through my PIX than through that
>:guy's internet, as long as he is connected via VPN.
>
> Since you have a 515E, you can upgrade the memory on it to 128 Mb
> and then install PIX 7.0(1), which will allow you to do the kind of
> loop-back connections that you want.
Lucky I already have 128MB. Well, this is my first PIX and I really don't know how to upgrade, I don't even know how to get the software.
Are there any HowTos for this?
> If you need to stick to PIX 6.3 and you cannot subnet your public IP
> space or your WAN router does not support VLANs, then you cannot do
> what you want to do without adding additional resources. Perhaps
> a caching proxy server (e.g., squid) would be a possibility for you.
Hmm, I already thought about that, but that would be my last solution.
Thanks for your help!