https://community.cisco.com/t5/network-security/cisco-pix-6-2-split-tunneling-problem/m-p/1373904#M723415 <HTML><HEAD></HEAD><BODY><P>Can you check the route details on your vpn client? What is the secure route pushed? To check this go ahead and once connected right click on the VPN lock icon and click on details. Please post it here.</P></BODY></HTML> Thu, 04 Feb 2010 18:36:19 GMT Ivan Martinon 2010-02-04T18:36:19Z https://community.cisco.com/t5/network-security/cisco-pix-6-2-split-tunneling-problem/m-p/1373903#M723393 <P>I am trying to setup a second vpngroup on a pix 6.2 (I know</P><P>it is old but can't upgrade it yet) and am having a problem. I can connect to the new vpngroup and it works when there is not split tunnel configured but</P><P>when I add the split tunnel command it will not route and I see the 'bypassed' packets count going up.&nbsp; Not sure what is causing this, but any help you can give would be appreciated.&nbsp; Below is my config for the firewall.&nbsp; let me know if you see anything that could be causign the problem.</P><P></P><P>access-list 90 permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0</P><P>aaa-server TACACS+ protocol tacacs+ <BR />aaa-server RADIUS protocol radius <BR />aaa-server LOCAL protocol local <BR />aaa-server auth-servers protocol radius <BR />aaa-server auth-servers (inside) host 192.168.0.12 ******** timeout 60<BR />ip local pool remote-access 192.168.6.1-192.168.6.254<BR />crypto ipsec transform-set xform-set esp-des esp-md5-hmac <BR />crypto dynamic-map dynmap 10 set transform-set xform-set<BR />crypto map test2 10 ipsec-isakmp dynamic dynmap<BR />crypto map test2 client configuration address initiate<BR />crypto map test2 client authentication auth-servers<BR />crypto map test2 interface outside<BR />isakmp enable outside<BR />isakmp client configuration address-pool local remote-access outside<BR />isakmp policy 10 authentication pre-share<BR />isakmp policy 10 encryption des<BR />isakmp policy 10 hash md5<BR />isakmp policy 10 group 2<BR />isakmp policy 10 lifetime 86400<BR />isakmp policy 30 authentication pre-share<BR />isakmp policy 30 encryption des<BR />isakmp policy 30 hash sha<BR />isakmp policy 30 group 2<BR />isakmp policy 30 lifetime 86400<BR />vpngroup default address-pool remote-access<BR />vpngroup default dns-server 192.168.0.12<BR />vpngroup default wins-server 192.168.0.12<BR />vpngroup default default-domain xxx.local<BR />vpngroup default idle-time 1800<BR />vpngroup default password ********<BR />vpngroup SplitTunnel address-pool remote-access<BR />vpngroup SplitTunnel dns-server 192.168.0.12<BR />vpngroup SplitTunnel wins-server 192.168.0.12<BR />vpngroup SplitTunnel default-domain xxx.local<BR />vpngroup SplitTunnel split-tunnel 90<BR />vpngroup SplitTunnel split-dns xxx<BR />vpngroup SplitTunnel idle-time 1800<BR />vpngroup SplitTunnel password ********</P> Mon, 11 Mar 2019 17:03:00 GMT https://community.cisco.com/t5/network-security/cisco-pix-6-2-split-tunneling-problem/m-p/1373903#M723393 nickehunt 2019-03-11T17:03:00Z https://community.cisco.com/t5/network-security/cisco-pix-6-2-split-tunneling-problem/m-p/1373904#M723415 <HTML><HEAD></HEAD><BODY><P>Can you check the route details on your vpn client? What is the secure route pushed? To check this go ahead and once connected right click on the VPN lock icon and click on details. Please post it here.</P></BODY></HTML> Thu, 04 Feb 2010 18:36:19 GMT https://community.cisco.com/t5/network-security/cisco-pix-6-2-split-tunneling-problem/m-p/1373904#M723415 Ivan Martinon 2010-02-04T18:36:19Z