Cisco Support Community

Split-Tunneling Problem?

I have a PIX 515E as our firewall. Our PIX firewall has 6 interfaces and serves as a firewall only. There is a VPN 3005 attached to the Ethernet2 interface of the firewall, serving as the VPN concentrator. The external interface of the VPN 3005 is connected to the Ethernet2 interface of the PIX firewall, and the internal interface of the VPN 3005 is directly connected to our internal LAN. Clients on the outside connect through the PIX to the external interface of the VPN 3005 and get access to the internal LAN. Everything works fine until I enable split-tunneling. After enabling split-tunneling on the VPN 3005, VPN clients can no longer access the internal LAN. As soon as I disable split-tunneling on the VPN 3005, everything is fine. Any idea?


PS. When I use the Cisco VPN Client to connect from a PC on the internal LAN to the inside interface of the VPN 3005 with split-tunneling enabled (just for testing purposes), it seems to work fine. It seems like something goes wrong when doing the split-tunneling through the PIX.


Re: Split-Tunneling Problem?

What split tunneling does is allow you to specify which networks you want to pass through the VPN. If the traffic does not match the access lists you define, then it is not allowed through the VPN and is sent to the PC's default gateway, which is more than likely the internet. The only traffic we can define on the PIX is the traffic we want to go through the VPN tunnel.