Need to be able to split tunnel from a remote office using a 501.
Situation follows:
Core Site: PIX 535
Remote Site: PIX 501
IPSEC tunnel between core and remote is operational and stable.
Core LAN (multiple subnets) can reach remote site and internet.
Remote LAN can reach core LAN, but not internet unless via proxy located on core LAN.
501 can ping all hosts, local and remote, including internet. Same with 535, but as previously stated, 501 LAN clients cannot access internet. Did nothing special on 535 (core) site to enable split tunneling, so it seems strange that I would have to do that on the 501.
I'm fairly certain it's a NAT issue. Running a debug of the outside interface for traffic destined for the ISP gateway, internal hosts are not NATted, but of course the PIX is showing its outside IP.
I'm NAT 0-ing the traffic between the remote site and core site so that servers at the core can reach out and touch clients on the 501.
Anyone have any ideas?
dm