split tunnel not working, please help


All my attempts to configure split tunneling for a VPN user (PIX 515) do not work.

Can someone please tell me why?

I have configured the VPN user with the VPN wizard in the PIX PDM, and I have marked the checkbox for split tunnel.

This is the config: (inside ip= )

vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl

access-list bezeqint_splitTunnelAcl permit ip any

* The result is that the VPN client gets access to the internet but not to the internal network. When I disable the split tunnel, the user gets access to the internal network without internet.

m.rainer Tue, 05/06/2003 - 04:12


The access-list must be:

access-list bezeqint_splitTunnelAcl permit ip [IP Address of the IP Address POOL]

For example:

ip local pool mypool

access-list bezeqint_splitTunnelAcl permit ip

Hope that helps.
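
A small checker for the ACL form this reply describes, added here as an example and not part of the original thread: it parses PIX-style `ip local pool`, `vpngroup` and `access-list` lines and reports split-tunnel ACL entries whose source is `any`, whose destination does not cover the group's address pool, or whose address pair is incomplete. The sample config, its names and its addresses are constructed, and treating the inside network as the expected source is an assumption, since the addresses in the posts did not survive on this page.

```python
import ipaddress

# Constructed sample; every name and address below is a made-up placeholder.
SAMPLE = """\
ip local pool mypool 10.99.0.1-10.99.0.50
vpngroup demo address-pool mypool
vpngroup demo split-tunnel demo_splitTunnelAcl
access-list demo_splitTunnelAcl permit ip 192.168.10.0 255.255.255.0 10.99.0.0 255.255.255.0
access-list demo_splitTunnelAcl permit ip any 10.99.1.0 255.255.255.0
access-list demo_splitTunnelAcl permit ip any
"""

def take(tokens):
    """Consume one address spec: 'any' -> None, 'host A', or 'NET MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return None
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0))
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def audit(config):
    """Return (line_no, finding) for split-tunnel ACL entries that are not
    'inside-net -> pool' (the assumed form; see the lead-in)."""
    pools, group_pool, group_acl, acls = {}, {}, {}, {}
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if t[:3] == ["ip", "local", "pool"] and len(t) >= 5:
            lo, _, hi = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
        elif t[:1] == ["vpngroup"] and len(t) >= 4 and t[2] in ("address-pool", "split-tunnel"):
            (group_pool if t[2] == "address-pool" else group_acl)[t[1]] = t[3]
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            acls.setdefault(t[1], []).append((n, t[4:]))
    findings = []
    for group, acl in group_acl.items():
        pool = pools.get(group_pool.get(group))  # None when the group has no pool
        for n, rest in acls.get(acl, []):
            toks = list(rest)  # copy: one ACL may be referenced by several groups
            try:
                src, dst = take(toks), take(toks)
            except (IndexError, ValueError):
                findings.append((n, "incomplete or malformed address pair"))
                continue
            if src is None:
                findings.append((n, "source is 'any', not the inside network"))
            if pool and (dst is None or pool[0] not in dst or pool[1] not in dst):
                findings.append((n, "destination does not cover the VPN pool"))
    return findings
```

Calling `audit(SAMPLE)` reports two findings for line 5 and one for line 6; line 4 passes.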


tvorhauer Tue, 05/06/2003 - 19:22


Hi, I am having the exact same problem as [email protected]. With split tunneling enabled on the PIX, all remote VPN clients can access the internet BUT cannot access the local LAN resources.

So, I disabled split tunneling and can now access local LAN resources, BUT cannot access the internet. I already have the access lists in place that you recommended.

(Internal LAN - (VPN client subnet -

access-list 100 permit ip

access-list 100 permit ip

ip local pool CLIENTPOOL

access-group 100 in interface outside

Is it possible to have split tunneling enabled for internet access AND be able to access the internal LAN at the same time? If so what am I missing here?

Thanks for your help!!


