RE: PIX Question - NOT Urgent [7:86589] posted 03/31/2004
- Subject: RE: PIX Question - NOT Urgent [7:86589]
- From: "Daniel Cotts" <dcotts@xxxxxxxxxxxxxxxx>
- Date: Wed, 31 Mar 2004 18:01:11 GMT
1) Quick and Dirty fix. Use PC Anywhere (or similar app) to connect from
site 1 to site 2. Use site 2 PC to browse desired location.
2) As already mentioned this seems more a routing issue. Default behavior at
site 1 would be to send all browse traffic out to the Internet. Too bad if
it's blocked. Policy routing using route-maps can redirect traffic. If you
have a router between the site 1 user(s) and its PIX maybe you could push
the requests to the blocked sites via site 2. I don't know how the site 2
PIX would treat that traffic.
Route-map SNEAKY permit 10
Match ip address 101
Set ip next-hop (whatever gets you to PIX2)
access-list 101 permit tcp [local host(s)ip and mask] eq 80 host [ip of
router interface e0
ip address aaa.bbb.ccc.ddd
ip policy route-map SNEAKY
ip route-cache policy
3) A remote VPN Client to site 2 could browse if split-tunnel were
4) If your employer has a policy to block certain traffic, they might not
have a sense of humor about it should you circumvent that policy. It can get
you fired. Be wise and careful.
From: Guruprasad Sanjeevi [mailto:guruprasads@xxxxxxx]
Sent: Wednesday, March 31, 2004 3:04 AM
Subject: PIX Question - Urgent [7:86589]
As always after my try I post a question to group.
I have 2 sites. site1 and site2 office connected over a 512kbps internet
link on which I have enabled IPSEC/3DES encryption, Users in site1 can reach
all hosts in site2 but they are not able to browse via site2 internet link.
I can browse via site1 but I want to access a host for which site2 ip block
is allowed and the others are restricted
What I need to do to on PIX to make them browse via a the site2 lnternet
Any help is appreciated
Message Posted at:
**Please support GroupStudy by purchasing from the GroupStudy Store:
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html