This isn't really what I'm after. However, as a temporary measure, I decided to enable it and test.
I enabled it and still can't get access to the Internet. Further, when I look at the statistics of the connection, it shows LAN access as disabled, even though I have it enabled in the client. Note that the tunnel comes up fine and I'm able to access the remote network with no problems. I've double checked the split tunnel access list (in this case it's the same as the one used to bypass NAT) and I've verified that the syntax assigning it to the VPN group is correct. I'm testing with PIX code 6.0(1) running on a PIX 506 and am using VPN client 3.5 running on Win ME. Since you've successfully set this up, do you have any idea why this isn't working? Is a reboot of the PIX required after making this code change? Thanks, Craig At 07:47 PM 4/25/2002 -0400, you wrote: >Why not just implement the following feature if your clients are connecting >to a PIX/VPN Concentrator!?! > >You define an access-list, > >access-list SplitTunnel permit ip 192.168.x.x 255.255.255.0 192.168.x.x >255.255.255.0 > >Then enable the Split Tunnel feature in your VPNGROUP definitions, >vpngroup name-of-crypto-map-applied-to-outside-interface split-tunnel >SplitTunnel >You can get a more detailed answer to this at the following... > >http://www.cisco.com/warp/public/110/pix3000.html > >Also, I don't know if this is applicable to Cisco Routers. > >Disclaimer: I'm definitely not an expert on the PIX yet, so you might have >caveats that I'm not aware of, or taking into consideration. All I know is, >I've just implemented this for a client, and it works fine. Of course, it >hasn't been used in a extended period fashion yet... so I don't have >experience to reflect on about how well it works over large periods of time. > >HTHs! > >Mark > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Craig Columbus >Sent: Thursday, April 25, 2002 5:25 PM >To: [EMAIL PROTECTED] >Subject: Alternatives to Cisco VPN client [7:42604] > > >Let me preface this by saying that all of my VPN experience has been either >peer-peer or client to peer with the Cisco VPN client 1.x or 3.x. Please >ignore my ignorance if I've missed something obvious. > >I've got a major complaint with the Cisco VPN client. It's not smart >enough to differentiate local traffic/Internet traffic from VPN >traffic. Therefore, you can't browse the Internet and your VPN network at >the same time. >I'm looking for alternative software clients that are smart enough to say >"Ok. Any traffic destined for 10.x.x.x (or whatever you define VPN traffic >to be) goes to the tunnel. If the traffic has any destination other than >10.x.x.x, it's treated as if the tunnel weren't even present." This would >allow my client machine to easily browse the Internet and the VPN remote >network at the same time. >I've done some preliminary searches for third-party clients, but don't want >to waste time trying 50 clients that may not be any good. I've found some >for Mac OS X that'll do what I want, but I haven't found one for Win >9x/ME/NT/2K/XP. >There's got to be a decent client that does this. >Sorry for rambling.... :-) It's been a long day. > >As usual, thanks in advance to everyone. > >Craig Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42650&t=42604 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
