If I ping the client's tunnel address from a host that is configured as untunnelled (via spliut tunnelling), the ping works but the response is from the client "real" address.

If I ping the client's tunnel address from any other host then I get a normal repsonse from that address.

These are exactly the results I would expect.

Configuring split tunneling and client firewall is not difficult.

http://www.cisco.com/warp/customer/471/vpn35-split.html

confirms the steps I followed. The client firewall policy is sucessfully pushed as seen on the client.. It just doesn't do anything.

Difficult to say what's going on without seeing a screen shot of your client firewall policy. Do you definately have a Drop Any as the last line in the policy? Can you verify that the default action for the default client filter is to Drop, not Forward?

You're correct in stating that this filter only applies to non-tunnelled traffic, so pinging this host from an outside PC should result in the packets being dropped. Are you pinging from a host on the private interface of the concentrator, or from a host on the Public? You mention that you were able to ping the VPN address of this PC from an outside host, but I doubt you could do that unless you were pinging from inside the VPN concentrator.

Are you sure the split tunnelling that you've set up is to include only those particular hosts, not exclude them and send everything else over the tunnel? You should have "only tunnel networks in list" selected under the split tunnelling section.

The concentrator is connected to a PIX firewall. The firewall outside interface is effectively "public". The concentrator public and private interfaces are each connected to two other PIX interfaces. The PIX inside interface is connected to the inside network. ie, the PIX is using 4 interfaces with 2 of them connected driectly (and only) to the concentrator. Actually it's a bit more complex than that as there are 2xVPN3060's and 2 x PIX's in a load balanced (for the VPN)/failover (for the PIX) configuration.

Any traffic from inside (such as a ping) to outside to the "real" client addresses goes via the PIX but not the concentrator. A ping to a VPN address is routed to the concentrator and then (via IPSec) to the client.

The public network is not the internet but a private WAN which when fully commisioned will be some 1000 sites.

The client firewall config as shown on the client status screen shows (i'm working from memory here as I'm not presently onsite)..

- First 2 lines are always forward any local in and forward local any out. It's not clear but I found in documentation that these lines always refer to VPN traffic and never change.

- Last line is Drop any any. Doco says this is the default action. This matches the default action for the filter.

- Any lines in between correspond to the firewall filter rules I have configured. eg. Forward out local any (the default rule)

My split tunneling setup is to tunnel everything, but exclude networks in list. The list contains 2 host entries and 1 class C network. Again the client status correctly reflects these settings. The results for pings etc from tunneled/untunneled hosts are as expected, ie only untunnelled hosts are able to see the "real" address. The untunnelled hosts/networks are also inside. Split tunnelling is used for network management so that management tools can perceive an accurate network topology.