Split tunnel problems between Pix 506E 6.1(2) and client 3.5.1
We can establish a tunnel between the VPN client 3.5.1 and the PIX firewall from a remote address.
The Pix is behind a 800 series router configured for NAT, with a static conversion to the Pix outside interface for all ports.
The Pix translates inside traffic out to a pool of outside addresses.
If we include split-tunnel functionality in the Pix config, connectivity with the internal network behind the Pix from the VPN client is lost, although the tunnel is still established and the client has access to the Internet.
Removing split-tunnel from the config restores connectivity to the internal network and the VPN tunnel provides proper functionality, although the client cannot access the Internet while the tunnel is up, as expected.
However, these problems do not occur if the VPN client is on the same subnet as the outside interface of the PIX - split-tunnel works correctly.
Re: Split tunnel problems between Pix 506E 6.1(2) and client 3.5
Seems like an issue with the addresses you specify in the split tunnel, try making sure you add both the Networks (One behind the PIX and the NATted) also try changing the address pool on the clients if its part of the Inside network. If these don' t help open up a TAC case and send them the Configs to troubleshoot this further.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...