split tunnel not working, please help

Unanswered Question

all my attempts to configure split tunneling for a vpn user (pix 515) do not work.

can some one please tell me why?

I have configured the vpn user with the vpn wizard at the pix pdm , I have marked the checkbox for split tunnel.

this is the config: (inside ip=192.168.1.0 )

vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl


access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any

* the result is that the vpn client get access to internet but not to the internal network. when i disable the split tunnel , the user get access to the internal network without internet.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
m.rainer Tue, 05/06/2003 - 04:12
User Badges:

Hi,

The access-list must be:

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 [IP Address of the IP Address POOL]

per example:

ip local pool mypool 192.168.10.1-192.168.10.254

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

Hope that helps.

Markus

tvorhauer Tue, 05/06/2003 - 19:22
User Badges:

Markus,


Hi, I am having the exact same problem as [email protected]. With split tunneling enabled on the PIX, all remote VPN clients can access the internet BUT cannot access the local LAN resources.


So, I disabled split tunneling and can now access local LAN resources, BUT cannot access the internet. I already have the access lists in place that you recommended.


(Internal LAN - 199.199.0.0/16) (VPN client subnet - 172.16.1.0/24)


access-list 100 permit ip 199.199.0.0 255.255.0.0 172.16.1.0 255.255.255.0

access-list 100 permit ip 172.16.1.0 255.255.255.0 199.199.0.0 255.255.0.0


ip local pool CLIENTPOOL 172.16.1.1-172.16.1.253


access-group 100 in interface outside


Is it possible to have split tunneling enabled for internet access AND be able to access the internal LAN at the same time? If so what am I missing here?


Thanks for your help!!

TV


Actions

This Discussion