PIX506 with 6.1(2) and VPN Client 3.5x can not get split-tunnel to work
Before I add split-tunnel to the config, the VPN client can access the internal network but cannot browse the internet through their proxy. The proxy can be pinged. A route was added for the VPN subnet to point back to the PIX.
When I add split-tunnel, the VPN client can no longer access the internal network!!!
I have placed the configuration here for review. I have reviewed it with examples and cannot see where I went wrong.
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 1J4AUgl4pqf/4txW encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
access-list acl_out permit tcp any host 220.127.116.11 eq 445
!---- access is needed to a number of internal networks
access-list 101 permit ip 10.0.0.0 255.0.0.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 18.104.22.168 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 22.214.171.124 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.160.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.170.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.180.0 255.255.255.0 192.168.15.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1452
mtu inside 1452
ip address outside 126.96.36.199 255.255.255.224
ip address inside 10.11.13.1 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool clientpool 192.168.15.1-192.168.15.24
Re: PIX506 with 6.1(2) and VPN Client 3.5x can not get split-tun
We have tried your suggestion but find that we still have the same problem.
When the split-tunnel is enabled, we cannot ping or access devices on the internal networks. When we query our client network configuration we see our DNS is the internal one. When we try to browse the internet (split-tunnel enabled), we cannot access sites by name. We can ping IP external addresses but cannot bring up HTTP pages.
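An added example, not part of the thread: with split-tunnel on, only traffic matching the split-tunnel list is encrypted, so it helps to check which destinations (internal hosts, DNS server, proxy) the posted ACL 101 actually covers. This Python script assumes ACL 101 is the list named by the split-tunnel command (the posted config is cut off before that line); the client address and the destinations tested are constructed.

```python
import ipaddress

# ACL 101 exactly as posted. Assumption: this is the list the split-tunnel
# command references (the posted config is cut off before that line).
ACL_101 = """\
access-list 101 permit ip 10.0.0.0 255.0.0.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 18.104.22.168 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 22.214.171.124 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.160.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.170.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.180.0 255.255.255.0 192.168.15.0 255.255.255.0
"""

def parse_acl(text):
    """Return (protected_net, client_net) pairs from 'permit ip net mask net mask' lines."""
    pairs = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] != "access-list" or f[2:4] != ["permit", "ip"]:
            continue  # 'any'/'host' forms and other commands are skipped
        pairs.append((ipaddress.ip_network(f"{f[4]}/{f[5]}", strict=False),
                      ipaddress.ip_network(f"{f[6]}/{f[7]}", strict=False)))
    return pairs

def client_path(dest, client_ip, pairs):
    """'tunnel' if traffic from client_ip to dest matches an entry, else 'direct'."""
    d, c = ipaddress.ip_address(dest), ipaddress.ip_address(client_ip)
    return "tunnel" if any(d in net and c in pool for net, pool in pairs) else "direct"

def pool_covered(first, last, pairs):
    """True if every address in the client pool range is in an ACL client-side network."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return all(any(ipaddress.ip_address(a) in pool for _, pool in pairs)
               for a in range(lo, hi + 1))

if __name__ == "__main__":
    pairs = parse_acl(ACL_101)
    # Pool range taken from the posted 'ip local pool clientpool' line.
    print("pool covered:", pool_covered("192.168.15.1", "192.168.15.24", pairs))
    # Constructed destinations: replace with the real DNS server and proxy addresses.
    for dest in ("10.11.13.50", "192.168.160.10", "192.168.150.10", "198.51.100.7"):
        print(dest, "->", client_path(dest, "192.168.15.5", pairs))
```

Any destination reported as "direct" leaves the client unencrypted through its local gateway, which matters for an internal DNS server or proxy that is only reachable over the tunnel.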