I want to provide Internet access to my VPN users without using split tunnel. I know that it is not possible to route traffic out through the same interface that the packets come in on. So I set up a default route to another interface. But... in that case, during ISAKMP negotiation, packets are routed to this default route and VPN clients are unable to get an answer. How can I set up in Pix rules that IPSEC packets should be routed to the VPN interface? I hope the schema below will help to understand my poor English:
Internet ------- Linux router ----- Pix Firewall ----- Internal LAN
                                         |
                                         |
                                         |
                            Internet (VPN client access)
Thank you in advance for your advice or recommendations.