Cisco Pix 6.2 Split Tunneling Problem

Unanswered Question
Jan 28th, 2010

I am trying to set up a second vpngroup on a PIX 6.2 (I know it is old but can't upgrade it yet) and am having a problem. I can connect to the new vpngroup and it works when there is no split tunnel configured, but when I add the split tunnel command it will not route and I see the 'bypassed' packets count going up. Not sure what is causing this, but any help you can give would be appreciated. Below is my config for the firewall. Let me know if you see anything that could be causing the problem.

access-list 90 permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server auth-servers protocol radius
aaa-server auth-servers (inside) host 192.168.0.12 ******** timeout 60
ip local pool remote-access 192.168.6.1-192.168.6.254
crypto ipsec transform-set xform-set esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set xform-set
crypto map test2 10 ipsec-isakmp dynamic dynmap
crypto map test2 client configuration address initiate
crypto map test2 client authentication auth-servers
crypto map test2 interface outside
isakmp enable outside
isakmp client configuration address-pool local remote-access outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup default address-pool remote-access
vpngroup default dns-server 192.168.0.12
vpngroup default wins-server 192.168.0.12
vpngroup default default-domain xxx.local
vpngroup default idle-time 1800
vpngroup default password ********
vpngroup SplitTunnel address-pool remote-access
vpngroup SplitTunnel dns-server 192.168.0.12
vpngroup SplitTunnel wins-server 192.168.0.12
vpngroup SplitTunnel default-domain xxx.local
vpngroup SplitTunnel split-tunnel 90
vpngroup SplitTunnel split-dns xxx
vpngroup SplitTunnel idle-time 1800
vpngroup SplitTunnel password ********

Ivan Martinon Thu, 02/04/2010 - 10:36

Can you check the route details on your VPN client? What is the secure route pushed? To check this, go ahead and, once connected, right-click on the VPN lock icon and click on details. Please post it here.
