06-04-2003 10:03 AM - edited 02-21-2020 12:35 PM
I am having difficulty getting split-tunnel to work with VPN Client 4.0.1 to PIX 6.3 connections. If I do not use split-tunneling, the client has complete access to the remote LAN but no local LAN connectivity. If I add the vpngroup xxx split-tunnel command (acl-vpn permit ip inside_net /24ip pool ip range/24 + acl-vpn permit ip inside_net/24 remote network/24), packets will not encrypt or decrypt (only bypass) on the client, and the "local lan access" shows as disabled in the client stats. Is there something new about the 4.0.1 VPN client's configuration on the PIX? Does anyone have a sample config for split-tunneling with all this most recent software?
TIA - drud
06-10-2003 11:11 AM
You should refer to bug CSCea76011 that documents the problem described by you, i.e., problems with IPSec with split tunneling on certain machines. As per the bug, the problem has been resolved and you should be seeing a fix pretty soon.
06-10-2003 12:16 PM
Thank you for your reply.
I have the Client 4.0.1 which states that this caveat was resolved:
"IPSec over TCP and/or Split tunneling does not work on certain machines. This issue is the same as CSCdz51629, and CSCdy80016. For example, using a Sierra SMC2632W wireless card, and building a VPN tunnel to a PIX firewall, if split-tunneling is used, then no SAs are built for the networks in the split tunnel list, resulting in no traffic flow over the tunnel"
Perhaps my config is wrong?
ip local pool
nat (inside) 0 access-list nonat
access-list nonat permit ip inside_net 255.255.255.0
vpngroup vpn-1 split-tunnel nonat