Cisco Support Community
Community Member

Split Tunneling causes Problem

I have a bunch of VPN users all using W2K and up but lately I have been asked to get users working using OLD boxes (486 running 95). Well, when I got the client on their box, they could connect to us (they have a cable modem) and work, but they couldn't surf the web.

Well someone told me that by default all traffic is sent to the default and I have to enable split tunneling for those users to be able to surf. So I tried it:

access-list 101 permit ip (this allows our vpn users to surf our inside network)

then on the vpngroup I have this:

vpngroup mygroup split-tunnel 101

Well when I tested it out, I created the tunnel just fine but could not connect to anything on my network. I looked at the keys and it seemed to create keys for me to browse the inside network, but it didn't work.

So I took the split-tunnel part out. I reconnected and tried again and I could work again but couldn't surf again.

Does anyone have any ideas what is going on???

Cisco Employee

Re: Split Tunneling causes Problem

Your ACL for split tunnel is the other way around; it should be internal network, then IP pool. See docs on:

Community Member

Re: Split Tunneling causes Problem

Thanks! That completely explains it.
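An added example (not part of the thread and not Cisco's code): a small Python check for the ACL direction the Cisco employee's reply describes, internal network as source and VPN address pool as destination. It assumes PIX 6.x style `ip local pool`, `access-list <id> permit ip <net> <mask> <net> <mask>` and `vpngroup` lines; the pool name `vpnpool` and every address are constructed.

```python
import ipaddress

# Constructed sample config; pool name and all addresses are made up.
REVERSED = """\
ip local pool vpnpool 192.168.50.1-192.168.50.254
access-list 101 permit ip 192.168.50.0 255.255.255.0 10.1.1.0 255.255.255.0
vpngroup mygroup address-pool vpnpool
vpngroup mygroup split-tunnel 101
"""
CORRECTED = REVERSED.replace(
    "192.168.50.0 255.255.255.0 10.1.1.0 255.255.255.0",
    "10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0")


def check_split_tunnel(config):
    """Return findings for split-tunnel ACLs whose destination is not the VPN pool."""
    pools, acls, group_pool, group_acl = {}, {}, {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["ip", "local", "pool"] and len(w) >= 5:
            first, _, last = w[4].partition("-")  # a pool may be a single address
            pools[w[3]] = (ipaddress.ip_address(first),
                           ipaddress.ip_address(last or first))
        elif w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            # Only the "<net> <mask> <net> <mask>" form is handled here.
            src = ipaddress.ip_network(f"{w[4]}/{w[5]}", strict=False)
            dst = ipaddress.ip_network(f"{w[6]}/{w[7]}", strict=False)
            acls.setdefault(w[1], []).append((src, dst))
        elif w[:1] == ["vpngroup"] and len(w) == 4:
            if w[2] == "address-pool":
                group_pool[w[1]] = w[3]
            elif w[2] == "split-tunnel":
                group_acl[w[1]] = w[3]
    findings = []
    for group, acl in group_acl.items():
        pool = pools.get(group_pool.get(group))
        if pool is None:
            findings.append(f"{group}: no address pool found, cannot check ACL {acl}")
            continue
        for src, dst in acls.get(acl, []):
            src_has_pool = pool[0] in src and pool[1] in src
            dst_has_pool = pool[0] in dst and pool[1] in dst
            if src_has_pool and not dst_has_pool:
                findings.append(f"{group}: ACL {acl} reversed ({src} -> {dst})")
            elif not dst_has_pool:
                findings.append(f"{group}: ACL {acl} destination {dst} misses the pool")
    return findings
```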
