Cisco Support Community
New Member

split tunnel not working, please help

All my attempts to configure split tunneling for a VPN user (PIX 515) do not work.

Can someone please tell me why?

I have configured the VPN user with the VPN wizard in the PIX PDM, and I have marked the checkbox for split tunnel.

This is the config (inside IP = 192.168.1.0):

vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any

* The result is that the VPN client gets access to the internet but not to the internal network. When I disable the split tunnel, the user gets access to the internal network without internet.

1 REPLY
New Member

Re: split tunnel not working, please help

You need to reconfigure the access-list

access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any

What is the address pool that the clients get when dialing in?

If you assign your VPN clients addresses from another subnet/a pool, i.e.

ip local pool vpnclients 192.168.2.1-192.168.2.254

and then define the ACL as

access-list bezeqint_splitTunnelAcl permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0

vpngroup superteam split-tunnel bezeqint_splitTunnelAcl

You should be OK.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00800eb0b5.html#997762
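An added example, not part of either post: a small offline check that a PIX split-tunnel ACL avoids `any` and has an entry covering the client address pool, which is what the reply asks for. The `ip local pool` and `address-pool` lines in the sample are assumed for illustration, and the check does not judge which side of the entry is source or destination.

```python
import ipaddress

# Constructed sample: the poster's ACL plus pool lines assumed for illustration.
ORIGINAL = """\
ip local pool vpnclients 192.168.2.1-192.168.2.254
vpngroup bezeqint address-pool vpnclients
vpngroup bezeqint split-tunnel bezeqint_splitTunnelAcl
access-list bezeqint_splitTunnelAcl permit ip 192.168.1.0 255.255.255.0 any
"""

def _take(tok):
    # Consume one ACL endpoint: 'any', 'host A', or 'A MASK'.
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1]), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]

def lint_split_tunnel(config):
    """Return a list of findings for every vpngroup that uses split-tunnel."""
    pools, acls, groups = {}, {}, {}
    for line in config.splitlines():
        t = line.split()
        if t[:3] == ["ip", "local", "pool"]:
            lo, _, hi = t[4].partition("-")
            pools[t[3]] = (ipaddress.ip_address(lo), ipaddress.ip_address(hi or lo))
        elif t[:1] == ["access-list"] and t[2:4] == ["permit", "ip"]:
            src, rest = _take(t[4:])
            dst, _ = _take(rest)
            acls.setdefault(t[1], []).append((src, dst))
        elif t[:1] == ["vpngroup"] and len(t) == 4:
            groups.setdefault(t[1], {})[t[2]] = t[3]
    findings = []
    for name, g in groups.items():
        acl = g.get("split-tunnel")
        if acl is None:
            continue
        if acl not in acls:
            findings.append(f"{name}: split-tunnel ACL {acl} is not defined")
            continue
        entries = acls[acl]
        if any(None in e for e in entries):
            findings.append(f"{name}: {acl} uses 'any'")
        pool = pools.get(g.get("address-pool"))
        nets = [n for e in entries for n in e if n is not None]
        if pool and not any(pool[0] in n and pool[1] in n for n in nets):
            findings.append(f"{name}: {acl} has no entry covering pool {g['address-pool']}")
    return findings
```

Running `lint_split_tunnel(ORIGINAL)` reports both the `any` entry and the missing pool coverage; swapping in the ACL from the reply clears both findings.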
