I am having difficulty getting split-tunnel to work with VPN Client 4.0.1 to PIX 6.3 connections. If I do not use split-tunneling, the client has complete access to the remote LAN but no local LAN connectivity. If I add the vpngroup xxx split-tunnel command (acl-vpn permit ip inside_net/24 ip pool ip range/24 + acl-vpn permit ip inside_net/24 remote network/24), packets will not encrypt or decrypt (only bypass) on the client, and the "local lan access" shows as disabled in the client stats. Is there something new about the 4.0.1 VPN client configuration on the PIX? Does anyone have a sample config for split-tunneling with all this most recent software?
You should refer to bug CSCea76011, which documents the problem described by you, i.e., problems with IPSec with split tunneling on certain machines. As per the bug, the problem has been resolved and you should be seeing a fix pretty soon.
I have the Client 4.0.1 which states that this caveat was resolved:
"IPSec over TCP and/or Split tunneling does not work on certain machines. This issue is the same as CSCdz51629, and CSCdy80016. For example, using a Sierra SMC2632W wireless card, and building a VPN tunnel to a PIX firewall, if split-tunneling is used, then no SAs are built for the networks in the split tunnel list, resulting in no traffic flow over the tunnel"
Perhaps my config is wrong?
ip local pool
nat (inside) 0 access-list nonat
access-list nonat permit ip inside_net 255.255.255.0 255.255.255.0