ezvpn + split tunneling -> broken nat

Apr 11th, 2008

Hello, all!

I set up an ezvpn connection between a pix (fos 7.0(6)) and a cisco 831 (ios 12.4(18a)). The client is in network extension mode. A PC behind the 831 can access the head office without problems. It's OK.

Then I needed to access the Internet from the remote office and I set up split tunneling. With it I encrypt only the tunnel-specified networks. At the same time I discovered that the c831 began to create NAT rules which were not compatible with my wishes. How can I switch this irritating thing off? Is it possible or not?

With best regards,


whjvdam1 Thu, 04/17/2008 - 10:22

Did you enable NEM on the pix? The default for NEM is off.

You can enable it with:

hostname(config)# group-policy FirstGroup attributes

hostname(config-group-policy)# nem enable



