Before I add split-tunnel to the config, the VPN client can access the internal network but cannot browse the internet through their proxy. The proxy can be ping'd. A route was added for the VPN subnet to point back to the PIX.
When I add split-tunnel, the VPN client can no longer access the internal network!!!
I have placed the configuration here for review. I have reviewed it with examples and cannot see where I went wrong.
PIX Version 6.1(2)
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password 1J4AUgl4pqf/4txW encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
fixup protocol ftp 21
fixup protocol http 80
fixup protocol h323 1720
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol sip 5060
fixup protocol skinny 2000
access-list acl_out permit tcp any host 126.96.36.199 eq 445
!---- access is needed to a number of internal networks
access-list 101 permit ip 10.0.0.0 255.0.0.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 188.8.131.52 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 184.108.40.206 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.160.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.170.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list 101 permit ip 192.168.180.0 255.255.255.0 192.168.15.0 255.255.255.0
pager lines 24
interface ethernet0 10baset
interface ethernet1 10baset
mtu outside 1452
mtu inside 1452
ip address outside 220.127.116.11 255.255.255.224
ip address inside 10.11.13.1 255.0.0.0
ip audit info action alarm
ip audit attack action alarm
ip local pool clientpool 192.168.15.1-192.168.15.24
We have tried your suggestion but find that we still have the same problem.
When the split-tunnel is enabled, we can neither ping nor access devices on the internal networks. When we query our client network configuration we see our DNS is the internal one. When we try to browse the internet (split-tunnel enabled), we cannot access sites by name. We can ping external IP addresses but cannot bring up HTTP pages.