Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

User connected to the PIX using the Cisco VPN Client 3.x or later cannot get to the Internet

Core issue

The PIX will not redirect traffic back out the same interface it came in on.

Resolution

To have Internet access while connected to the PIX with the VPN Client, you must enable split-tunneling.

  1. Enable split-tunneling on the vpngroup in the PIX.

2.   Create an access list that defines the PIX internal subnets to the pool of addresses used by the vpngroup, and then point the split-tunneling to that access list.

See the following partial PIX configuration.

ip address inside 192.168.0.0 255.255.255.0

ip local pool vpnpool 172.16.1.1-172.16.1.254

access-list WEB permit ip 192.168.0.0 255.255.255.0 172.16.1.0 255.255.255.0

vpngroup CLIENTVPN split-tunnel WEB

465
Views
0
Helpful
0
Comments