
PIX split tunnel

doug.dockter
Level 1

I've implemented a split tunnel (thanks to several posts here) and it works great. But now it seems I've lost the ability to use a static route I have defined (see below). With the split tunnel enabled I am no longer able to get to the devices on the other side of 10.1.255.9 when connected via VPN.

route inside xx.xx.xx.0 255.255.255.0 10.1.255.9 1

4 Replies

auraza
Cisco Employee

What is your split-tunnel ACL? What networks are you trying to reach? Do they have a route back to the VPN pool that you are assigning to your clients?

Below is the ACL. I'm trying to reach the 10.220.101 network which is on the other side of the 10.1.255.9 router. This all works without split tunneling.

access-list 80 extended permit ip any 192.168.5.0 255.255.255.224

Your split-tunnel ACL works better if it is a standard ACL. So suppose you need to get to the 10.1.220.0/24 network; your split-tunnel ACL should be:

access-list split_tunnel standard permit 10.1.220.0 255.255.255.0

Add networks to this ACL as needed.

That is what I was missing! Thanks.
