Split-Tunneling on a PIX LAN-to-LAN IPsec Tunnel

I've set up split-tunneling on a PIX for VPN clients, but this is the first for a PIX-to-PIX tunnel. Is there a way of setting up the spoke PIX in a LAN-to-LAN IPsec tunnel to do split-tunneling?

Is this done through an access-list instead of a command?

Reply to
Greg

Your LAN-to-LAN tunnel will be written in terms of crypto map policy, one item of which will be a "match address" clause that indicates an ACL name. Anything matched by that ACL *after all relevant translations* is sent through the VPN. So if you want the effect of split-tunnel, make the ACL match only that which you want to send over.

Note: the match address ACL should be written as for what you would expect for data from the interior out of the PIX; the ACL will automatically be read "backwards" for incoming traffic.

Reply to
Walter Roberson
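
A spoke-side sketch of the answer above in PIX 6.x syntax, added here as an example and not taken from any poster's configuration. The ACL and crypto map names, the 192.168.10.0/24 spoke LAN, the 10.1.0.0/16 hub network, the peer address 203.0.113.1 and the key placeholder are all constructed.

```cisco
: Constructed example: spoke LAN 192.168.10.0/24, hub network 10.1.0.0/16,
: hub peer 203.0.113.1 (documentation address). All names are hypothetical.

: Split-tunnel form: only spoke-LAN-to-hub traffic matches, so only that
: traffic is encrypted. Written from the inside outward; the PIX reads the
: same entry in reverse for traffic arriving from the hub.
access-list VPN-TO-HUB permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0

: Tunnel-everything form, shown for contrast and left commented out:
: access-list VPN-TO-HUB permit ip 192.168.10.0 255.255.255.0 any

: The crypto ACL is evaluated after translation, so exempt tunnel traffic
: from NAT to keep the real addresses the ACL above is written against.
access-list NONAT permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list NONAT

: Everything else is translated and leaves directly through the outside
: interface, never matching VPN-TO-HUB.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface

sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map SPOKE-MAP 10 ipsec-isakmp
crypto map SPOKE-MAP 10 match address VPN-TO-HUB
crypto map SPOKE-MAP 10 set peer 203.0.113.1
crypto map SPOKE-MAP 10 set transform-set ESP-3DES-SHA
crypto map SPOKE-MAP interface outside

isakmp enable outside
isakmp key <PRE-SHARED-KEY> address 203.0.113.1 netmask 255.255.255.255
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
```

The hub's match address ACL should be the mirror image (10.1.0.0/16 to 192.168.10.0/24); if the two ends' ACLs are not mirrors of each other, the tunnel may fail to negotiate or pass traffic in one direction only.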

So it IS done through access-list.

Thanks!

Reply to
Greg
