Our main office has just upgraded to a Cisco PIX 515E and we have set up some users using VPNClient from our remote sites to the main office. The remote users are using this VPNClient without any problem. However, when they are connected to the main office using this VPNClient connection, their local LAN connection is disconnected, so they can't use their remote printers, file sharing, etc.
After going through the help menu from the VPNClient software, I understand that when the 'Allowing Local LAN access parameter' is enabled in both VPNClient and Cisco PIX 515E, I can access the local resources while connected.
Could you please show me step-by-step configuration on both client and central site device, or give me a pointer for the setup guide.
Thank you in advance
I just read in this forum that the 'Allow Local LAN access'-parameter doesn't have any effect with the PIX so you'll have to forget about that option.
You need to use split-tunneling; include all ranges used in the main office which should be accessible for the clients:
access-list split_tunnel_acl permit ip MAINOFFICE-NET1 255.255.255.0 any
access-list split_tunnel_acl permit ip MAINOFFICE-NET2 255.255.255.0 any
It does mean any other traffic will be sent out unencrypted; you can prevent this from happening by using appropriate access-lists.
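Added example, not part of the original posts: one way the split-tunnel ACL above is attached to the VPN client group, assuming the PIX runs OS 6.x (vpngroup syntax). The group name REMOTE-USERS and the 192.168.x.0 networks are constructed placeholders standing in for MAINOFFICE-NET1 and MAINOFFICE-NET2.

```cisco
: Assumption: PIX OS 6.x. Group name and addresses are constructed placeholders.
: 192.168.10.0/24 stands in for MAINOFFICE-NET1, 192.168.20.0/24 for MAINOFFICE-NET2.
access-list split_tunnel_acl permit ip 192.168.10.0 255.255.255.0 any
access-list split_tunnel_acl permit ip 192.168.20.0 255.255.255.0 any

: Bind the ACL to the client group. Only traffic to the listed networks is
: encrypted and tunneled; everything else leaves the client in the clear
: through its own local gateway.
vpngroup REMOTE-USERS split-tunnel split_tunnel_acl

: Confirm that both entries are present after applying the change.
show access-list split_tunnel_acl
```

Keep the ACL limited to the networks remote users actually need, since every other destination bypasses the main office's filtering while the tunnel is up.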
If I am using Microsoft VPN and configure vpdn for the PIX, is there any way to configure split tunnel?
You can do it, but only from the client side. Right-click on the dialup connection and left-click on Properties. Under Networking > Internet Protocol > Properties > Advanced > General tab, unclick "Use default gateway on remote network".