I've got a PIX 501 set up as a VPN remote server. I've been passing the DHCP options it's getting from my ISP to its DHCP clients, including the default gateway. I inserted that default route statically, but it didn't help. What am I missing to get the VPN clients access to the Internet as well as to the VPN network without enabling split tunneling? Other than the IP address pool, I don't see where I can pass IP configuration parameters to VPN clients. I've attached my config.
To configure split tunneling, you'll need to create an ACL and apply it to the vpngroup.
access-list split permit ip
vpngroup test address-pool vpn
vpngroup test dns-server 188.8.131.52 184.108.40.206
vpngroup test default-domain hsd1.pa.comcast.net
vpngroup test split-tunnel split
vpngroup test idle-time 1800
vpngroup test password ********
Alternatively, if you'd prefer not to configure split tunneling, one workaround is to deploy a proxy server at the head office; all remote VPN clients then point to the proxy for Internet browsing after the VPN is established.
Another point to note is that the VPN client pool shall not be under the same IP scheme as the PIX inside subnet.
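
Added example, not part of the original posts: a small Python check that reads PIX 6.x-style configuration text and reports the two conditions raised in the answer above, a VPN client pool that overlaps the inside subnet and a vpngroup whose split-tunnel ACL is missing or undefined. The function name and every address in the sample are constructed for illustration.

```python
import ipaddress

# Constructed sample in PIX 6.x syntax; every address below is made up.
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
ip local pool vpn 192.168.1.200-192.168.1.220
vpngroup test address-pool vpn
vpngroup test split-tunnel split
"""

def audit_vpn_config(text):
    """Return a list of findings for a PIX remote-access VPN config."""
    inside, pools, acls, groups = None, {}, set(), {}
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "address", "inside"] and len(tok) >= 5:
            # Interface address plus mask gives the inside subnet.
            inside = ipaddress.ip_interface(f"{tok[3]}/{tok[4]}").network
        elif tok[:3] == ["ip", "local", "pool"] and len(tok) >= 5:
            # Pool is written as first-last, or as a single address.
            first, _, last = tok[4].partition("-")
            pools[tok[3]] = (ipaddress.ip_address(first),
                             ipaddress.ip_address(last or first))
        elif tok[:1] == ["access-list"] and len(tok) >= 2:
            acls.add(tok[1])
        elif tok[:1] == ["vpngroup"] and len(tok) >= 4:
            groups.setdefault(tok[1], {})[tok[2]] = tok[3]
    findings = []
    for name, opts in sorted(groups.items()):
        pool = pools.get(opts.get("address-pool"))
        if pool is None:
            findings.append(f"{name}: address pool not defined")
        elif (inside and pool[0] <= inside.broadcast_address
              and pool[1] >= inside.network_address):
            findings.append(f"{name}: pool overlaps inside subnet {inside}")
        acl = opts.get("split-tunnel")
        if acl is None:
            findings.append(f"{name}: no split-tunnel ACL, all client traffic is tunnelled")
        elif acl not in acls:
            findings.append(f"{name}: split-tunnel ACL '{acl}' not defined")
    return findings

if __name__ == "__main__":
    for finding in audit_vpn_config(SAMPLE_CONFIG):
        print(finding)
```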