05-15-2006 11:59 AM - edited 03-09-2019 02:55 PM
All,
I referred to a config I downloaded to set up my PIX. I have a question about some of the commands. For instance, what does vpngroup groupmarketing "split-tunnel 102" mean? Now I know what the group command is referring to, but I don't know what split-tunnel 102 means. Also, what is a "crypto map"?
05-15-2006 04:00 PM
Split tunnel permits (or not, per the config) a user to access resources through the VPN, and outside the VPN concurrently (i.e., access the Internet while the VPN to Corp is active).
Many places consider it a security risk and do not permit split tunnelling.
The Crypto map is the group of statements that combine all of the other config parameters into a final map.
Good Luck
Scott
05-15-2006 07:29 PM
Hi,
The 'split-tunnel 102' command enables split tunneling with access-list number 102.
The access-list 102 defines which traffic flows through the tunnel; other traffic will be sent to the gateway for normal internet access.
The 'crypto-map' command is used to define/bind the remote-peer IP, transform set, and interesting access-list, which need to be applied on the outbound interface, normally the PIX outside interface, where the outbound VPN traffic is sent out to the remote peer.
Example:
1. Define interesting traffic (to go through vpn tunnel) using access list. This access list only allows traffic from network 192.168.12.0 to reach 10.0.0.0 via vpn.
access-list 102 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.0.0.0
2. Define a crypto map:
crypto map to-Site1 10 ipsec-isakmp
crypto map to-Site1 10 match address 102
crypto map to-Site1 10 set transform-set strong
crypto map to-Site1 10 set peer x.x.x.1
3. Apply the crypto map to the outside interface:
crypto map to-Site1 interface outside
PIX Command Ref:
Rgds,
AK
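The cross-references described in this thread (a crypto map entry pointing at an access-list, a transform set and a peer, the map being applied to an interface, and a vpngroup's split-tunnel pointing at an access-list) can be checked offline before a config is loaded. The following is an added example, not part of any reply above and not Cisco tooling; the sample config, the `audit` function, the `groupsales` group and the `to-Site2` map name are constructed for illustration.

```python
# Constructed sample config (not from the thread). 192.0.2.1 is a documentation
# address; to-Site2 and access-list 110 are deliberately left undefined.
SAMPLE = """\
access-list 102 permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.0.0.0
crypto ipsec transform-set strong esp-3des esp-sha-hmac
crypto map to-Site1 10 ipsec-isakmp
crypto map to-Site1 10 match address 102
crypto map to-Site1 10 set transform-set strong
crypto map to-Site1 10 set peer 192.0.2.1
crypto map to-Site2 interface outside
vpngroup groupmarketing split-tunnel 102
vpngroup groupsales split-tunnel 110
"""

def audit(config):
    """Return findings about crypto map and split-tunnel cross-references."""
    acls, tsets, applied, split, entries = set(), set(), {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and len(t) > 2:
            acls.add(t[1])
        elif t[:3] == ["crypto", "ipsec", "transform-set"] and len(t) > 3:
            tsets.add(t[3])
        elif t[:2] == ["crypto", "map"] and len(t) >= 5:
            if t[3] == "interface":          # crypto map NAME interface IFC
                applied[t[2]] = t[4]
            else:                            # crypto map NAME SEQ ...
                e = entries.setdefault((t[2], t[3]), {})
                if len(t) >= 7 and t[4] in ("match", "set"):
                    e[t[5]] = t[6]           # keys: address, peer, transform-set
        elif t[:1] == ["vpngroup"] and len(t) >= 4 and t[2] == "split-tunnel":
            split[t[1]] = t[3]
    out = []
    for name, ifc in applied.items():
        if name not in {n for n, _ in entries}:
            out.append(f"crypto map {name} applied to {ifc} has no entries")
    for (name, seq), e in entries.items():
        if name not in applied:
            out.append(f"crypto map {name} {seq} is not applied to an interface")
        for key in ("address", "peer", "transform-set"):
            if key not in e:
                out.append(f"crypto map {name} {seq} has no {key}")
        if "address" in e and e["address"] not in acls:
            out.append(f"crypto map {name} {seq} matches undefined access-list {e['address']}")
        if "transform-set" in e and e["transform-set"] not in tsets:
            out.append(f"crypto map {name} {seq} uses undefined transform-set {e['transform-set']}")
    for group, acl in split.items():
        if acl not in acls:
            out.append(f"vpngroup {group} split-tunnel uses undefined access-list {acl}")
    return out
```

Calling `audit(SAMPLE)` reports the map name applied to the interface that has no entries, the defined map that is never applied, and the split-tunnel group whose access-list does not exist.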