Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Meaning of The Config


I referred to config I downloaded to setup my pix. I have a question about some of the commands. For instance what does vpngroup groupmarketing "split-tunnel 102"- Now I know what the group command is referring to but I don't know what split-tunnel 102 means. Also what is a "crypto map"?


Re: Meaning of The Config

Split tunnel permits (or not, per the config) a user to access resources through the VPN, and outside the VPN concurrently (i.e., access the Internet while the VPN to Corp is active).

Many places consider it a security risk and do not permit split tunnelling.

The Crypto map is the group of statements that combine all of the other config parameters into a final map.

Good Luck


Re: Meaning of The Config


The 'split-tunnel 102' command enables the split tunneling with access-list number 102.

The access-list 102 defines which traffic flows through the tunnel, others will be sent to gateway for normal internet access.

The 'crypto-map' command is used to define/bind remote-peer IP, transform set, interesting access-list, which need to be applied on outbound interface, normally on the PIX outside interface, where the outbound VPN traffic is sent out to remote peer.


1. Define interesting traffic (to go through vpn tunnel) using access list. This access list only allows traffic from network to reach via vpn.

access-list 102 permit ip

2. Define a crypto map:

crypto map to-Site1 10 ipsec-isakmp

crypto map to-Site1 10 match address 102

crypto map to-Site1 10 set transform-set strong

crypto map to-Site1 10 set peer x.x.x.1

3. Apply the crypto map to the outside interface:

crypto map toSanJose interface outside

PIX Command Ref: