New Member

PIX split tunnel

I've implemented a split tunnel (thanks to several posts here) and it works great. But now it seems I've lost the ability to use a static route I have defined (see below). With the split tunnel enabled I am no longer able to get to the devices on the other side of 10.1.255.9 when connected via VPN.

route inside xx.xx.xx.0 255.255.255.0 10.1.255.9 1

4 REPLIES
Cisco Employee

Re: PIX split tunnel

What is your split-tunnel ACL? What networks are you trying to reach? Do they have a route back to the VPN pool that you are assigning to your clients?

New Member

Re: PIX split tunnel

Below is the ACL. I'm trying to reach the 10.220.101 network which is on the other side of the 10.1.255.9 router. This all works without split tunneling.

access-list 80 extended permit ip any 192.168.5.0 255.255.255.224

Cisco Employee

Re: PIX split tunnel

Your split-tunnel ACL works better if it is a standard ACL, so suppose you need to get to the 10.1.220.0/24 network, your split-tunnel ACL should be:

access-list split_tunnel standard permit 10.1.220.0 255.255.255.0

Add networks to this ACL as needed.

New Member

Re: PIX split tunnel

That is what I was missing! Thanks.
