07-29-2003 08:23 AM - edited 02-21-2020 12:41 PM
I am using pix firewall version 6.2 and VPN client configuration with VPN client software version 2. When I open the tunnel, the VPN client is able to communicate to the enterprise network but also at the same time can surf the internet. I need to disable split tunneling but in the VPN client software there´s no option to do so. Regarding documentation, I found there´s a method but for VPN client 3.5 software or earlier version and my PIX firewall configuration looks like that one used for VPN client version 1.1.
What can I do to disable split tunneling using the same software I have, I mean, only using configuration.
Thanks,
07-29-2003 02:57 PM
create another vpngroup; group1 enable split tunneling; group2 disable split tunneling
07-30-2003 03:09 PM
It is not very clear for me your suggestion. . Here´s the configuration I have:
access-list 101 permit ip 10.0.0.0 255.255.255.0 172.16.1.0 255.255.255.0
ip local pool test 172.16.1.1-172.16.1.10
nat (inside) 0 access-list 101
crypto dynamic-map dynmap 15 set transform-set myset
crypto map mymap 5 ipsec-isakmp
crypto map mymap 5 set transform-set myset
crypto map mymap 15 ipsec-isakmp dynamic dynmap
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap interface outside
isakmp enable outside
isakmp key ***** address 0.0.0.0 netmask 0.0.0.0
isakmp identity address
isakmp client configuration address-pool local test outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 1
isakmp policy 10 lifetime 3600
isakmp policy 10 authentication pre-share
What should I change here related to the group? I only have 1 group created and want to disable split tunneling for whomever in this group.
Thanks for any comment.
08-04-2003 07:45 AM
You have to disable the split-tunnel in the vpngroup
Hope it Helps.
Jorge.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: