Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Universal VPN Client?

I have a question about the universal VPN client. I’ve used the Safenet IRE client in the past to connect to the PIX FW and 1700 series VPN devices. My question is can you change the address range the universal client encrypts data for. You will notice that it will encrypt data for network mask, which is every packet. It has been my experience that you either VPN or surf the Internet, not both at the same time. With the IRE client it is possible to do this, am I missing a menu or setting in the new client?

Any thoughts? Cisco?


Michael T. Fistler

Cisco CCIE #4503

Sr. Systems Engineer, Networking Concepts, Inc.

New Member

Re: Universal VPN Client?

Did you set the vpngroup split tunnel option. I know it works on the PIX not so sure about the 1700 series router.

Have fun

New Member

Re: Universal VPN Client?

You're right about the new client, unlike in the IRE client you could specify which traffic is to be protected by IPSEC. The new client 3.0 gets this information from the FW. You would create an access-list in the firewall and use the split-tunnel command. See example

access-list 180 permit ip

vpngroup your_vpn_group split-tunnel 180

Now only traffic to the FW will be encrypted. Regular internet traffic won't be encrypted.