I'm working with a PIX (V7.2 code) that is set up to only do IPSec connections via the internet. I am trying to add the ability to make unencrypted, non-IPSec connections to the internet.
In a previous forum post someone suggested I should do split-tunneling. I looked at some Cisco docs but I am having a hard time grasping the group policy stuff.
Below is my existing IPSec VPN config.
Can someone give me an example of how to do the split-tunneling/group policy configs as it relates to my situation?
description to the outside
ip address 188.8.131.52 255.255.255.0
ospf cost 10
description internal office
ip address 10.11.28.100 255.255.255.0
ospf cost 10
object-group network CoLo
network-object 10.0.10.0 255.255.255.0
network-object 10.0.20.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 10.11.28.0 255.255.255.0 object-group CoLo
access-list outside_nat0_outbound extended permit ip 10.11.28.0 255.255.255.0 object-group CoLo
access-list outside_access_in extended permit ip any 184.108.40.206 255.255.255.252 log
access-list outside_access_in extended permit icmp 10.0.10.0 255.255.255.0 10.11.28.0 255.255.255.0 echo-reply log
access-list outside_access_in extended permit icmp 10.0.20.0 255.255.255.0 10.11.28.0 255.255.255.0 echo-reply log
access-list outside_access_in extended permit tcp 10.0.20.0 255.255.255.0 10.11.28.0 255.255.255.0 eq smtp log
access-list outside_access_in extended permit tcp object-group CoLo 10.11.28.0 255.255.255.0 eq 1111 log
access-list internal_net_access_in extended permit ip 10.11.28.0 255.255.255.0 object-group CoLo
nat (outside) 0 access-list outside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 220.127.116.11 1
no sysopt connection permit-vpn
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap
crypto map outside_map 20 set peer 18.104.22.168
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
tunnel-group 22.214.171.124 type ipsec-l2l
tunnel-group 126.96.36.199 ipsec-attributes