10-01-2002 04:40 AM - edited 02-21-2020 12:05 PM
Hello !
I'm in trouble setting up a connection between a PIX 501 and a VPN 3005 Concentrator. I'm using Easy VPN so the VPN 3005 does set up the parameters for the client. I can't use a classical Site-to-Site Setup because the PIX uses DSL Dialup... So I did set up NEM( Network Extension Mode) on the VPN 3005, accessing the local IPs is required for printing. The Clients are able to access the central site without problems, and they can be accessed too, as long as I don't use split tunneling. As soon as I configure a split tunnel for the networks at the central site, the remote clients can still access the central site, but can't be accessed any more.
Is there a solution / workaround for this ? Do I have to wait for an updated Version of the PIX OS / VPN Concentrator OS ???
HELP !!!! ;)
10-02-2002 09:10 PM
Actually, when split tunnel is setup for the remote side, the central side would only be able to access the remote site if the remote side initiates the traffic first.
You can use bugtool kit to check on CSCdx53187. The code used here is 6.2.2
Regards,
10-02-2002 10:26 PM
Actually I'm using code version 6.2.2 and have the tunnel be initiated from the remote side. The problem is that split tunneling on the concentrator doesn't work. You can either activate split tunnel, so that the remote clients can access the internet, or you can activate "tunnel all traffic" so that you can access the clients from the central side. It is not possible to access them when using split tunnel, even if they initiate the tunnel setup ... Seems like a bug / missing feature to me.
Kind regards, BB
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide