In PIX version 7.x, the split tunneling Access Control List (ACL) is now a standard list. The addresses in this list are the local networks only (local to the PIX) and not the client pool. The commands appear similar to this:
access-list split standard permit 192.168.1.0 255.255.255.0
group-policy vpn internal
group-policy vpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
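One way to check a configuration against the rule above, as an added example that is not part of the original document: the script parses a PIX 7.x style configuration and reports a split-tunnel network list that is not a standard ACL or whose networks overlap the client pool. The `ip local pool` line, its addresses and the function name `audit_split_tunnel` are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the page's commands plus an assumed client-pool line.
SAMPLE_CONFIG = """\
ip local pool vpnpool 10.10.10.1-10.10.10.254
access-list split standard permit 192.168.1.0 255.255.255.0
group-policy vpn internal
group-policy vpn attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
"""

def audit_split_tunnel(config):
    """Return findings for split-tunnel network lists in a PIX 7.x style config."""
    std, other, pools, lists, policy = {}, set(), [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"access-list (\S+) standard permit ([\d.]+) ([\d.]+)$", line):
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            std.setdefault(m[1], []).append(net)
        elif m := re.match(r"access-list (\S+) standard ", line):
            std.setdefault(m[1], [])  # deny/any/host entries: known ACL, not range-checked
        elif m := re.match(r"access-list (\S+) ", line):
            other.add(m[1])  # extended (or other non-standard) ACL
        elif m := re.match(r"ip local pool \S+ ([\d.]+)-([\d.]+)", line):
            first, last = map(ipaddress.ip_address, m.groups())
            pools += ipaddress.summarize_address_range(first, last)
        elif m := re.match(r"group-policy (\S+) attributes$", line):
            policy = m[1]
        elif raw[:1].isspace() and policy:
            if m := re.match(r"split-tunnel-network-list value (\S+)$", line):
                lists[policy] = m[1]
        else:
            policy = None  # left the attributes sub-mode
    findings = []
    for name, acl in lists.items():
        if acl not in std:
            kind = "not a standard ACL" if acl in other else "undefined"
            findings.append(f"{name}: network list '{acl}' is {kind}")
        for net in std.get(acl, []):
            if any(net.overlaps(pool) for pool in pools):
                findings.append(f"{name}: {net} in '{acl}' overlaps the client pool")
    return findings
```

Run against the sample, the function returns an empty list; putting the pool's own subnet in the `split` list produces an overlap finding.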
Note: You must meet these conditions to implement split tunneling for Microsoft XP clients:
Set the split tunneling policy to only tunnel networks in the list.
Configure network lists and default domain names in the Common Client Parameters section of this window.
Change the default setting on the client PC's Internet Protocol (TCP/IP) Properties window. Select Control Panel > Network Connections > VPN > VPN Properties > Networking > Internet Protocol (TCP/IP) > Properties and go to the Internet Protocol (TCP/IP) Properties window. Then choose Advanced and uncheck the box.
Note: If you enable both split tunneling and individual user authentication for a VPN 3002 Hardware Client, you must authenticate only when sending traffic bound for destinations on the other side of the IPsec tunnel.