Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Split-tunnels in PIX for VPN 3.5 client

Can I use an access-list like access-list 101 permit tcp any any eq domain

for vpngroup 1 split-tunnel 101 ? Can I specify which services to encrypt or just

IP addresses?

Thanks

3 REPLIES
New Member

Re: Split-tunnels in PIX for VPN 3.5 client

For a LAN to LAN tunnel on a router or PIX, I am pretty sure we can do that.

Because I have helped some customers make that working.

For VPN client 3.x, I do not think you can secify in service level.

Because this client originally working for a VPN 3000 concentrator.

In a concentrator, the network list can only configed in IP network level.

There is no way to specify TCP or UDP port level for split-tunnel on a VPN 3000 concentrator.

New Member

Re: Split-tunnels in PIX for VPN 3.5 client

Thanks. The reason I asked was because of the tendency of Windows NT to

not consistently use DNS servers that are specified in the vpngroup settings.

It will sometimes use the DNS servers specified in the VPN client settings but also use DNS servers specified in say the dialup settings.

New Member

Re: Split-tunnels in PIX for VPN 3.5 client

The feature you are talking about is "split-dns", it will be supported from VPN client 3.6 version which will be released soon.

90
Views
0
Helpful
3
Replies
CreatePlease login to create content