For more information on how to configure the PIX Firewall, refer to Configuring Cisco Easy VPN With PIX-to-PIX as Server and Client.
For more information about the use of split tunneling, refer to these documents:
For detailed instructions on how to set up split tunneling on the VPN 3000 Concentrator, refer to Configuring Cisco VPN Client 3.5 and the Cisco Integrated Client to Secure Nonencrypted Traffic While Using Split Tunneling.
Split Tunneling in PIX Version 7.x
In PIX version 7.x, the split tunneling Access Control List (ACL) is now a standard list. The addresses in this list are the local networks only (local to the PIX) and not the client pool. The commands appear similar to this:
access-list split standard permit 192.168.1.0 255.255.255.0
group-policy vpn internal
group-policy vpn attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
If you have any browsing issues while configuring split tunneling, refer to How to resolve Cisco VPN Client problems with name resolution
.
Note: You must meet these conditions to implement split tunneling for Microsoft XP clients:
- Set the split tunneling policy to only tunnel networks in the list.
- Configure network lists and default domain names in the Common Client Parameters section of this window.
- Change the default setting on the client PC's Internet Protocol (TCP/IP) Properties window. Select Control Panel > Network Connections > VPN > VPN Properties > Networking > Internet Protocol (TCP/IP) > Properties and go to the Internet Protocol (TCP/IP) Properties window. Then choose Advanced and uncheck the box.
Note: If you enable both split tunneling and individual user authentication for a VPN 3002 Hardware Client, you must authenticate only when sending traffic bound for destinations on the other side of the IPsec tunnel.
