PIX: provide Internet access to VPN clients without split tunnel


I want to provide Internet access to my VPN users without using split tunnel. I know that it is not possible to route traffic by the same interface as the packets come in. So I set up a default route to another interface. But... in that case, during ISAKMP negotiation, packets are routed to this default route and VPN clients are unable to get an answer. How can I set up in Pix rules that IPSEC packets should be routed to the VPN interface? I hope the schema below will help to understand my poor English:

Internet ------- Linux router ----- Pix Firewall ----- Internal LAN
                                         |
                                         |
                                         |
                            Internet (VPN client access)

Thank you in advance for your advice or recommendations.
