Cisco Support Community

New Member

PIX split-tunnel VPN for software vpn clients

I would like all traffic to be encrypted except to one IP address. Is this possible?

I'm using:

vpngroup TEST split-tunnel 101

Thanks! Any help is greatly appreciated.

-Jesse

5 REPLIES
New Member

Re: PIX split-tunnel VPN for software vpn clients

Not possible with PIX. This can be done only on vpn3000 concentrator.

New Member

Re: PIX split-tunnel VPN for software vpn clients

But in the release of PIX OS version 6.3, this is a new feature.

Am I missing any important information?

Is it possible that PIX supports this feature in the future?

New Member

Re: PIX split-tunnel VPN for software vpn clients

What new feature are you referring to?

I haven't heard anything yet from development that this is going to be supported.

New Member

Re: PIX split-tunnel VPN for software vpn clients

Try a "deny" in the split-tunnel ACL for that 1 IP. Put it at the top of the list, just to avoid it matching something else in the ACL.

Would not recommend it though if the packet is going to traverse any public / shared infrastructure.

New Member

Re: PIX split-tunnel VPN for software vpn clients

On Cisco IOS routers and PIX, only permit statements of the ACL will be downloaded to the VPN client as the split-tunneling policy. Deny statements are simply ignored.
