Community Member

split tunnel not working, please help

All my attempts to configure split tunneling for a VPN user (PIX 515) do not work.

Can someone please tell me why?

I have configured the VPN user with the VPN wizard in the PIX PDM, and I have marked the checkbox for split tunnel.

This is the config: (inside ip=192.168.1.0 )

vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any

* The result is that the VPN client gets access to the internet but not to the internal network. When I disable the split tunnel, the user gets access to the internal network without internet.

2 REPLIES
Community Member

Re: split tunnel not working, please help

Hi,

The access-list must be:

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 [IP Address of the IP Address POOL]

For example:

ip local pool mypool 192.168.10.1-192.168.10.254

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

Hope that helps.

Markus
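
Added example, not part of the original thread and not Cisco code: a small Python check that applies the rule from the reply above to a PIX config, reporting whether the split-tunnel ACL bound to each vpngroup has the client address pool as its destination. The status strings and function names are made up for this sketch, the sample configs are constructed from the lines quoted in the thread, and because the thread does not show which pool the group uses, the ACL is compared against every pool in the config.

```python
import ipaddress

def parse_pix(config):
    """Collect address pools, ACL entries and split-tunnel bindings."""
    pools, acls, split = {}, {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["ip", "local", "pool"] and len(tok) == 5:
            first, last = tok[4].split("-")
            pools[tok[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            acls.setdefault(tok[1], []).append(tok[4:])
        elif tok[:1] == ["vpngroup"] and tok[2:3] == ["split-tunnel"] and len(tok) == 4:
            split[tok[1]] = tok[3]
    return pools, acls, split

def take_net(tok):
    """Consume one address spec ('any', 'host A' or 'NET MASK')."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]

def check_split_tunnel(config):
    """Return {vpngroup: status} for each split-tunnel ACL (status names are hypothetical)."""
    pools, acls, split = parse_pix(config)
    result = {}
    for group, acl in split.items():
        status = "acl-missing"
        for entry in acls.get(acl, []):
            _src, rest = take_net(entry)
            dst, _ = take_net(rest)
            if dst.prefixlen == 0:
                status = "destination-any"          # the form in the first post
            elif any(lo in dst and hi in dst for lo, hi in pools.values()):
                status = "destination-covers-pool"  # the form the reply recommends
                break
            else:
                status = "destination-not-pool"
        result[group] = status
    return result

# Constructed samples: the first post's lines plus the pool from the reply.
BASE = ("ip local pool mypool 192.168.10.1-192.168.10.254\n"
        "vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl\n")
ORIGINAL = BASE + "access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any\n"
FIXED = BASE + ("access-list bezeqint_splitTunnelAcl permit ip "
                "192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0\n")

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, check_split_tunnel(cfg))
```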

Community Member

Re: split tunnel not working, please help

Markus,

Hi, I am having the exact same problem as leeb@bezeqint.net. With split tunneling enabled on the PIX, all remote VPN clients can access the internet BUT cannot access the local LAN resources.

So, I disabled split tunneling and can now access local LAN resources, BUT cannot access the internet. I already have the access lists in place that you recommended.

(Internal LAN - 199.199.0.0/16) (VPN client subnet - 172.16.1.0/24)

access-list 100 permit ip 199.199.0.0 255.255.0.0 172.16.1.0 255.255.255.0

access-list 100 permit ip 172.16.1.0 255.255.255.0 199.199.0.0 255.255.0.0

ip local pool CLIENTPOOL 172.16.1.1-172.16.1.253

access-group 100 in interface outside

Is it possible to have split tunneling enabled for internet access AND be able to access the internal LAN at the same time? If so what am I missing here?

Thanks for your help!!

TV
