Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
808
Views
0
Helpful
1
Replies

Split tunnel problems between Pix 506E 6.1(2) and client 3.5.1

alan_kallas
Level 1
Level 1

‎08-20-2002 06:36 PM - edited ‎02-20-2020 10:12 PM

We can establish a tunnel between the VPN client 3.5.1 and the PIX firewall from a remote address.

The Pix is behind a 800 series router configured for NAT, with a static conversion to the Pix outside interface for all ports.

The Pix translates inside traffic out to a pool of outside addresses.

If we include split-tunnel functionality in the Pix config, connectivity with the internal network behind the Pix from the VPN client is lost, although the tunnel is still established and the client has access to the Internet.

Removing split-tunnel from the config restores connectivity to the internal network and the VPN tunnel provides proper functionality, although the client cannot access the Internet while the tunnel is up, as expected.

However, these problems do not occur if the VPN client is on the same subnet as the outside interface of the PIX - split-tunnel works correctly.

Any suggestions?

Thanks in advance.

Alan Kallas

0 Helpful
1 Reply 1

awaheed
Cisco Employee
Cisco Employee

‎08-20-2002 10:36 PM

Hi Alan,

Seems like an issue with the addresses you specify in the split tunnel, try making sure you add both the Networks (One behind the PIX and the NATted) also try changing the address pool on the clients if its part of the Inside network. If these don' t help open up a TAC case and send them the Configs to troubleshoot this further.

Hope this helps,

Regards,

Aamir

-=-=-

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card