https://community.cisco.com/t5/network-security/pix-515e-and-split-tunnelling/m-p/418481#M528737 <P>I have a network setup as follows:-</P><P>Internal 220.0.0.1</P><P>VPN users pool 172.20.0.0</P><P></P><P>We can connect via VPN and see internal network.</P><P></P><P>I want to enable split-tunnelling.</P><P></P><P>I have the following IPSec Rule setup:-</P><P>Protect</P><P>Tunneling Policy ODynamic20</P><P>Firewall Side</P><P> Interface Inside 0.0.0.0</P><P>Remote Side</P><P> Interface Outside</P><P> IP Address 172.20.0.0</P><P> Mask 255.255.255.254</P><P>Protcoal</P><P> IP</P><P></P><P>If I click on split tunnelling and use this policy I can access the internet (from the client ) but not the internal network 220.0.0.1!</P><P></P><P>If I remove the policy I can access the internal network and not access the internet!</P><P></P><P>Do I need to define a new policy or enter the network detials in the manage split tunnell screen?</P><P></P><P>Can any answers tell me refer me to the web interface as I find this easier to use then using commands!</P> Fri, 21 Feb 2020 08:37:55 GMT mawallace 2020-02-21T08:37:55Z https://community.cisco.com/t5/network-security/pix-515e-and-split-tunnelling/m-p/418481#M528737 <P>I have a network setup as follows:-</P><P>Internal 220.0.0.1</P><P>VPN users pool 172.20.0.0</P><P></P><P>We can connect via VPN and see internal network.</P><P></P><P>I want to enable split-tunnelling.</P><P></P><P>I have the following IPSec Rule setup:-</P><P>Protect</P><P>Tunneling Policy ODynamic20</P><P>Firewall Side</P><P> Interface Inside 0.0.0.0</P><P>Remote Side</P><P> Interface Outside</P><P> IP Address 172.20.0.0</P><P> Mask 255.255.255.254</P><P>Protcoal</P><P> IP</P><P></P><P>If I click on split tunnelling and use this policy I can access the internet (from the client ) but not the internal network 220.0.0.1!</P><P></P><P>If I remove the policy I can access the internal network and not access the internet!</P><P></P><P>Do I need to define a new policy or enter the network detials in the manage split tunnell screen?</P><P></P><P>Can any answers tell me refer me to the web interface as I find this easier to use then using commands!</P> Fri, 21 Feb 2020 08:37:55 GMT https://community.cisco.com/t5/network-security/pix-515e-and-split-tunnelling/m-p/418481#M528737 mawallace 2020-02-21T08:37:55Z https://community.cisco.com/t5/network-security/pix-515e-and-split-tunnelling/m-p/418482#M528738 <HTML><HEAD></HEAD><BODY><P>Hello Wallace,</P><P></P><P>Really sorry. I will have to give it on the CLI. I havent much worked with the PDM.</P><P></P><P>Its actually straight forward. You just need to create an access-list on the PIX, specifying the source and destination networks and apply this onto the vpn-group command on the PIX. </P><P></P><P>example:</P><P></P><P>local network on the PIX - 10.1.1.0/24</P><P>remote network (in ur case) 172.20.0.0</P><P></P><P>Just create an ACL:</P><P></P><P>access-list 50 permit ip 10.1.1.0 255.255.255.0 172.20.0.0 255.255.255.0</P><P></P><P>vpngroup abcxyz split-tunnel 50</P><P></P><P>This will allow only traffic between the local networks through the IPSEC tunnel. Other traffic (internet) will be flowing through the LAN card.</P><P></P><P>Hope this helps. rate replies if found useful.</P><P></P><P>Raj</P></BODY></HTML> Tue, 10 Jan 2006 11:05:51 GMT https://community.cisco.com/t5/network-security/pix-515e-and-split-tunnelling/m-p/418482#M528738 sachinraja 2006-01-10T11:05:51Z