Cisco Support Community

New Member

Cisco Pix 6.2 Split Tunneling Problem

I am trying to set up a second vpngroup on a PIX 6.2 (I know it is old but can't upgrade it yet) and am having a problem. I can connect to the new vpngroup and it works when there is no split tunnel configured, but when I add the split tunnel command it will not route and I see the 'bypassed' packets count going up. Not sure what is causing this, but any help you can give would be appreciated. Below is my config for the firewall. Let me know if you see anything that could be causing the problem.

access-list 90 permit ip

aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa-server auth-servers protocol radius
aaa-server auth-servers (inside) host ******** timeout 60
ip local pool remote-access
crypto ipsec transform-set xform-set esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set xform-set
crypto map test2 10 ipsec-isakmp dynamic dynmap
crypto map test2 client configuration address initiate
crypto map test2 client authentication auth-servers
crypto map test2 interface outside
isakmp enable outside
isakmp client configuration address-pool local remote-access outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
vpngroup default address-pool remote-access
vpngroup default dns-server
vpngroup default wins-server
vpngroup default default-domain xxx.local
vpngroup default idle-time 1800
vpngroup default password ********
vpngroup SplitTunnel address-pool remote-access
vpngroup SplitTunnel dns-server
vpngroup SplitTunnel wins-server
vpngroup SplitTunnel default-domain xxx.local
vpngroup SplitTunnel split-tunnel 90
vpngroup SplitTunnel split-dns xxx
vpngroup SplitTunnel idle-time 1800
vpngroup SplitTunnel password ********

Cisco Employee

Re: Cisco Pix 6.2 Split Tunneling Problem

Can you check the route details on your VPN client? What is the secure route pushed? To check this, go ahead and, once connected, right-click on the VPN lock icon and click on details. Please post it here.