Re: Pix 501 Easy VPN to 3005 with Split Tunnel

inspire · ‎10-01-2002

Hello !

I'm in trouble setting up a connection between a PIX 501 and a VPN 3005 Concentrator. I'm using Easy VPN so the VPN 3005 does set up the parameters for the client. I can't use a classical Site-to-Site Setup because the PIX uses DSL Dialup... So I did set up NEM( Network Extension Mode) on the VPN 3005, accessing the local IPs is required for printing. The Clients are able to access the central site without problems, and they can be accessed too, as long as I don't use split tunneling. As soon as I configure a split tunnel for the networks at the central site, the remote clients can still access the central site, but can't be accessed any more.

Is there a solution / workaround for this ? Do I have to wait for an updated Version of the PIX OS / VPN Concentrator OS ???

HELP !!!! ;)

edadios · ‎10-02-2002

Actually, when split tunnel is setup for the remote side, the central side would only be able to access the remote site if the remote side initiates the traffic first.

You can use bugtool kit to check on CSCdx53187. The code used here is 6.2.2

Regards,

inspire · ‎10-02-2002

Actually I'm using code version 6.2.2 and have the tunnel be initiated from the remote side. The problem is that split tunneling on the concentrator doesn't work. You can either activate split tunnel, so that the remote clients can access the internet, or you can activate "tunnel all traffic" so that you can access the clients from the central side. It is not possible to access them when using split tunnel, even if they initiate the tunnel setup ... Seems like a bug / missing feature to me.

Kind regards, BB