PIX 6.3 Split tunneling to specific internet hosts

Unanswered Question

I asked this question before and thought I had it straight, but having tried the suggested solution it is not working.


Is it possible to allow Cisco VPN clients access to only certain internet IP addresses through split tunneling? I have tried using the split tunnel ACL:


access-list split_tunnel deny host x.x.x.x (internet host x)

access-list split_tunnel deny host y.y.y.y (internet host y)

access-list split_tunnel permit 0.0.0.0 0.0.0.0 (tunnel everything else)


This doesn't appear to work. Is this possible, and are there any other suggestions?


Thanks

Ivan Martinon Fri, 03/06/2009 - 09:42
User Badges: Cisco Employee

I have not tested this, but I am pretty sure it will not work since the split tunnel list will just check for the IP address definition and not the action of the actual list.
