Subject: Re: [fw-wiz] Pix VPN endpoint and split-tunnel

> Not being a PIX admin, I didn't want to jump on this thread. I know that
> the contivity VPN gateways/clients that we use can be configured to not
> allow split-tunneling, and assumed pix could do the same.

Yes they can. The issue is (at least through PIX OS 6.x) that full-tunnel
clients cannot access the Internet if that's how they came in because the
PIX won't pass a packet back out of the same interface it arrived inbound
on. But it seems as though PIX OS 7.0 addresses this issue, probably due in
no small part to popular demand.


