I'm working with a PIX 506 to set up a VPN from an office location to my home network. The PIX is at my home and I'm using the Cisco VPN client on an XP workstation.
My problem is thus:
I can get a split tunnel working and get connected. Everything works great. Too great. In spite of the command:
vpngroup foo address-pool vpn-address-3
vpngroup foo dns-server helios titan
vpngroup foo wins-server helios
vpngroup foo split-tunnel foo_splitTunnelAcl
vpngroup foo split-dns foo.net foo.org
vpngroup foo idle-time 1800
vpngroup foo password ********
The tunnel is swallowing ALL DNS requests. Obviously the clients are getting DNS settings from the vpngroup and after a connection is made all requests go to those servers. This isn't going to work. I need to also be able to resolve DNS names from the client side network and connect to them. Right now I can't do that since the internal DNS on the client side is not public. And the VPN side has no way to replicate these entries, nor would I want to.
Are there any tricks I'm missing to get the Cisco client to only send requests for "foo.net" and "foo.org" down the tunnel and send the rest in the clear to the local DNS on the client side?