Why not just implement the following feature if your clients are connecting to a PIX/VPN Concentrator!?!
You define an access-list, access-list SplitTunnel permit ip 192.168.x.x 255.255.255.0 192.168.x.x 255.255.255.0 Then enable the Split Tunnel feature in your VPNGROUP definitions, vpngroup name-of-crypto-map-applied-to-outside-interface split-tunnel SplitTunnel <-name of access-list. You can get a more detailed answer to this at the following... http://www.cisco.com/warp/public/110/pix3000.html Also, I don't know if this is applicable to Cisco Routers. Disclaimer: I'm definitely not an expert on the PIX yet, so you might have caveats that I'm not aware of, or taking into consideration. All I know is, I've just implemented this for a client, and it works fine. Of course, it hasn't been used in a extended period fashion yet... so I don't have experience to reflect on about how well it works over large periods of time. HTHs! Mark -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Craig Columbus Sent: Thursday, April 25, 2002 5:25 PM To: [EMAIL PROTECTED] Subject: Alternatives to Cisco VPN client [7:42604] Let me preface this by saying that all of my VPN experience has been either peer-peer or client to peer with the Cisco VPN client 1.x or 3.x. Please ignore my ignorance if I've missed something obvious. I've got a major complaint with the Cisco VPN client. It's not smart enough to differentiate local traffic/Internet traffic from VPN traffic. Therefore, you can't browse the Internet and your VPN network at the same time. I'm looking for alternative software clients that are smart enough to say "Ok. Any traffic destined for 10.x.x.x (or whatever you define VPN traffic to be) goes to the tunnel. If the traffic has any destination other than 10.x.x.x, it's treated as if the tunnel weren't even present." This would allow my client machine to easily browse the Internet and the VPN remote network at the same time. I've done some preliminary searches for third-party clients, but don't want to waste time trying 50 clients that may not be any good. I've found some for Mac OS X that'll do what I want, but I haven't found one for Win 9x/ME/NT/2K/XP. There's got to be a decent client that does this. Sorry for rambling.... :-) It's been a long day. As usual, thanks in advance to everyone. Craig Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42613&t=42604 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
