Cisco Support Community
New Member

PIX 7.0 Tunnel-Split Problem

After I log on to the PIX, I can obtain an IP address from the local pool kbvpn, but I can't go to the internet. The attachment is the configuration of the PIX.

1 REPLY
Cisco Employee

Re: PIX 7.0 Tunnel-Split Problem

You have the following:

access-list SplitTunnel standard permit 172.16.100.0 255.255.255.0

group-policy Kraiburg attributes

split-tunnel-policy excludespecified

This says tunnel everything (including Internet traffic) EXCEPT the 172.16.100.0 network, probably not what you want. Remember, your split tunnel networks are networks you want to get to over the VPN; they're not your VPN pool of addresses.

Change it to:

access-list SplitTunnel standard permit 10.1.1.0 255.255.255.0

group-policy Kraiburg attributes

split-tunnel-policy tunnelspecified

and then you will only tunnel the traffic destined for the 10.1.1.0 network; all other traffic will go out in the clear to the Internet.
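The difference between the two policies, as an added example that is not part of the original reply: a small Python model that reads the quoted lines and reports whether a destination is tunnelled or sent in the clear. The destination addresses are constructed samples, and only the network/mask form of a standard ACL entry is handled.

```python
import ipaddress

# The two configurations quoted in the reply above.
ORIGINAL = """access-list SplitTunnel standard permit 172.16.100.0 255.255.255.0
group-policy Kraiburg attributes
 split-tunnel-policy excludespecified
"""
CORRECTED = """access-list SplitTunnel standard permit 10.1.1.0 255.255.255.0
group-policy Kraiburg attributes
 split-tunnel-policy tunnelspecified
"""

def parse_split_tunnel(config, acl_name):
    """Return (policy, networks) read from the config text."""
    policy, networks = "tunnelall", []  # tunnelall applies when no policy is set
    for line in config.splitlines():
        words = line.split()
        if len(words) == 6 and words[:4] == ["access-list", acl_name, "standard", "permit"]:
            # "network mask" form; ipaddress accepts dotted netmasks
            networks.append(ipaddress.ip_network(f"{words[4]}/{words[5]}"))
        elif len(words) == 2 and words[0] == "split-tunnel-policy":
            policy = words[1]
    return policy, networks

def route(dest, policy, networks):
    """Return 'tunnel' or 'clear' for one destination address."""
    listed = any(ipaddress.ip_address(dest) in net for net in networks)
    if policy == "tunnelall":
        return "tunnel"
    if policy == "tunnelspecified":
        return "tunnel" if listed else "clear"
    if policy == "excludespecified":
        return "clear" if listed else "tunnel"
    raise ValueError(f"unknown split-tunnel-policy: {policy}")

def compare(dests, acl_name="SplitTunnel"):
    """Map each destination to its (original, corrected) handling."""
    before = parse_split_tunnel(ORIGINAL, acl_name)
    after = parse_split_tunnel(CORRECTED, acl_name)
    return {d: (route(d, *before), route(d, *after)) for d in dests}

if __name__ == "__main__":
    # Constructed samples: an inside host, a pool address, an Internet host.
    for dest, (old, new) in compare(["10.1.1.20", "172.16.100.5", "198.51.100.7"]).items():
        print(f"{dest:15} original={old:7} corrected={new}")
```

With the original lines the Internet sample is tunnelled to the PIX, which matches the symptom in the question; with the corrected lines only 10.1.1.0/24 is tunnelled.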
