Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
3
Helpful
1
Replies

PIX 7.0 Tunnel-Split Problem

China_Eric
Level 1
Level 1

‎04-13-2006 06:08 PM - edited ‎02-21-2020 12:50 AM

After I log on the PIX,I can obtain a IP address from the local pool kbvpn,but I can't go to the internet.The attachment is the configuration of the PIX.

Preview file
5 KB
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎04-15-2006 10:33 AM

You have the following:

access-list SplitTunnel standard permit 172.16.100.0 255.255.255.0

group-policy Kraiburg attributes

split-tunnel-policy excludespecified

This says tunnel everything (including Internet traffic) EXCEPT the 172.16.100.0 network, probably not what you want. Remembe ryour split tunnel networks are networks you want to get to over the VPN, they're not your VPN pool of addresses

Change it to:

access-list SplitTunnel standard permit 10.1.1.0 255.255.255.0

group-policy Kraiburg attributes

split-tunnel-policy tunnelspecified

and then you will only tunnel the traffic destined for the 10.1.1.0 network, all other traffic will go out in the clear to the Internet.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card