In PIX version 7.x, the split tunneling Access Control List (ACL) is now a standard list. The addresses in this list are the local networks only (local to the PIX) and not the client pool. The commands appear similar to this:
access-list split standard permit 192.168.1.0 255.255.255.0
group-policy vpn internal
group-policy vpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
Note: You must meet these conditions to implement split tunneling for Microsoft XP clients:
* Set the split tunneling policy to only tunnel networks in the list.
* Configure network lists and default domain names in the Common Client Parameters section of this window.
* Change the default setting on the client PC's Internet Protocol (TCP/IP) Properties window. Select Control Panel > Network Connections > VPN > VPN Properties > Networking > Internet Protocol (TCP/IP) > Properties and go to the Internet Protocol (TCP/IP) Properties window. Then choose Advanced and uncheck the box.
Note: If you enable both split tunneling and individual user authentication for a VPN 3002 Hardware Client, you must authenticate only when sending traffic bound for destinations on the other side of the IPsec tunnel.