Cisco Support Community
Community Member

split tunnel not working, please help

All my attempts to configure split tunneling for a VPN user (PIX 515) do not work.

Can someone please tell me why?

I have configured the VPN user with the VPN wizard in the PIX PDM, and I have marked the checkbox for split tunnel.

This is the config: (inside ip= )

vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl

access-list bezeqint_splitTunnelAcl permit ip any

* The result is that the VPN client gets access to the internet but not to the internal network. When I disable the split tunnel, the user gets access to the internal network without internet.

Community Member

Re: split tunnel not working, please help


The access-list must be:

access-list bezeqint_splitTunnelAcl permit ip [IP Address of the IP Address POOL]

For example:

ip local pool mypool

access-list bezeqint_splitTunnelAcl permit ip

Hope that helps.


Community Member

Re: split tunnel not working, please help


Hi, I am having the exact same problem as With split tunneling enabled on the PIX, all remote VPN clients can access the internet BUT cannot access the local LAN resources.

So, I disabled split tunneling and can now access local LAN resources, BUT cannot access the internet. I already have the access lists in place that you recommended.

(Internal LAN - (VPN client subnet -

access-list 100 permit ip

access-list 100 permit ip

ip local pool CLIENTPOOL

access-group 100 in interface outside

Is it possible to have split tunneling enabled for internet access AND be able to access the internal LAN at the same time? If so what am I missing here?

Thanks for your help!!

