Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pix 501 VPN - local Internet Access

How do I give a VPN client (using Cisco VPN Client software) access to their local network (ie their servers and Internet connection), while being connected to a remote Pix 501 via VPN client? Is there a command that enables that?


Re: Pix 501 VPN - local Internet Access

Its not one simple command

You need configure PIX as Easy VPN server

Try this document


Hope that helps, rate if it does


Re: Pix 501 VPN - local Internet Access

the feature named "split tunneling" needs to be configured on the pix.

below are the sample codes:

access-list 101 permit ip

access-list 120 permit ip

nat (inside) 0 access-list 101

isakmp policy 10 authentication pre-share

isakmp policy 10 encryption 3des

isakmp policy 10 hash md5

isakmp policy 10 group 2

isakmp policy 10 lifetime 86400

isakmp identity address

isakmp nat-traversal 20

crypto ipsec transform-set vpnset esp-3des esp-md5-hmac

ip local pool ippool

vpngroup vpnclient address-pool ippool

vpngroup vpnclient idle-time 1800

vpngroup vpnclient dns-server

vpngroup vpnclient password cisco456

vpngroup vpnclient split-tunnel 120

crypto dynamic-map dynmap 10 set transform-set vpnset

crypto map remote_vpn 20 ipsec-isakmp dynamic dynmap

username cisco password cisco123

aaa-server LOCAL protocol local

crypto map remote_vpn client authentication LOCAL

crypto map remote_vpn client configuration address initiate

crypto map remote_vpn client configuration address respond