Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Split Tunneling only for some remote Users

Hello Folks

I have a customer who has a PIX 6.3. Currently all remote VPN users goes through the internet through corporate since users are allowed to connect from their home machines (Split Tunneling OFF). Now, they will provide a corporate laptop to a user who will mainly perform work on the road and they need that certain traffic go directly from the laptop to the internet.

My question is, Is it possible to enable split tunnelling for a group of users and keep it disable for another group of users?

Is there a link where I can peek how this can be done?

Thanks in advance.

Community Member

Re: Split Tunneling only for some remote Users

Hi Jorge,

yes you can do it. Here's an excerpt from our PIX running 6.3(5)

Notice the different VPN groups - details changed :)

vpngroup A address-pool A

vpngroup A dns-server x.x.x.x

vpngroup A default-domain DOMAIN

vpngroup A idle-time 1800

vpngroup A password AAA

vpngroup B address-pool B

vpngroup B dns-server x.x.x.x

vpngroup B default-domain DOMAIN

vpngroup B split-tunnel NONAT

vpngroup B idle-time 1800

vpngroup B password BBB

access-list NONAT permit ip

If I were you I'd create a new address pool just for that user, which will allow for scalability if more road warriors come into the frame. Any additional can then be placed into the same vpngroup



Community Member

Re: Split Tunneling only for some remote Users

Thanks Ali

CreatePlease to create content