I have a strange issue with split-tunnel operation on a PIX firewall.
There is a VPN client connection configured, which works fine. However, split tunnel is configured, which allows simultaneous access to the internal network and the internet. But by my reading of the configuration it shouldn't!! The split tunnel ACL matches any traffic, therefore only access to the internal network should be possible. What am I missing?
Here are sections of the config; the firewall is running PIX V7.0 software.
tunnel-group customer-Remote type ipsec-ra
tunnel-group customer-Remote general-attributes
authentication-server-group GG-VPN-Users LOCAL
group-policy customer-Remote internal
group-policy customer-Remote attributes
banner value Access to this device is strictly for customer employees only.
banner value This link is fully monitored and any unauthorized users will be prosecuted
banner value to the full extent of the law in the country in which the access was initiated.
dns-server value 172.30.2.3 220.127.116.11
split-tunnel-network-list value customer-Remote_splitTunnelAcl
default-domain value int.customer.com
access-list customer-Remote_splitTunnelAcl; 1 elements
access-list customer-Remote_splitTunnelAcl line 1 standard permit any
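To see how a PIX split-tunnel ACL is actually evaluated, here is an added example (not part of the post or of any Cisco code) that models the decision: the ACL lists the destinations that go through the tunnel, and the `split-tunnel-policy` setting (assumed here, since the post's config does not show it; the real keyword values are `tunnelall`, `tunnelspecified` and `excludespecified`) decides how that list is applied. The `permit any` entry is taken from the post; the `172.30.0.0 255.255.0.0` internal range is a constructed assumption.

```python
import ipaddress

def parse_ace(ace):
    """Parse one PIX standard ACL entry into (action, network).

    Accepted forms (standard ACLs on PIX use a subnet mask, not a wildcard):
      "permit any"
      "permit host 172.30.2.3"
      "permit 172.30.0.0 255.255.0.0"
    """
    tokens = ace.split()
    action = tokens[0]
    if tokens[1] == "any":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif tokens[1] == "host":
        net = ipaddress.ip_network(tokens[2] + "/32")
    else:
        net = ipaddress.ip_network(f"{tokens[1]}/{tokens[2]}", strict=False)
    return action, net

def acl_permits(acl, dst):
    """First-match evaluation with the implicit deny at the end of every ACL."""
    addr = ipaddress.ip_address(dst)
    for action, net in acl:
        if addr in net:
            return action == "permit"
    return False

def is_tunneled(policy, acl, dst):
    """Does a packet to dst go through the VPN tunnel under this split-tunnel policy?"""
    if policy == "tunnelall":          # ACL is ignored; everything is tunneled
        return True
    if policy == "tunnelspecified":    # ACL lists what IS tunneled
        return acl_permits(acl, dst)
    if policy == "excludespecified":   # ACL lists what is NOT tunneled
        return not acl_permits(acl, dst)
    raise ValueError(f"unknown split-tunnel-policy: {policy}")

# The ACL from the post: one entry, "standard permit any".
PERMIT_ANY = [parse_ace("permit any")]
# Constructed alternative that only tunnels an assumed internal range.
INTERNAL_ONLY = [parse_ace("permit 172.30.0.0 255.255.0.0")]

if __name__ == "__main__":
    for dst in ("172.30.2.3", "198.51.100.7"):   # internal DNS server / arbitrary internet host
        print(dst, "permit any ->", is_tunneled("tunnelspecified", PERMIT_ANY, dst),
              "| internal only ->", is_tunneled("tunnelspecified", INTERNAL_ONLY, dst))
```

With `permit any` and `tunnelspecified`, both the internal host and the internet host are tunneled, so internet traffic from the client reaches the PIX through the tunnel rather than being sent in the clear; only an ACL limited to the internal networks keeps internet traffic out of the tunnel.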