VPN / split tunnel question

I have IPSec VPN between my remote office and my office.

I would like to split tunnel so that everything in the remote office will go to the tunnel except the local lan.

Currently I can only split tunnel by specifying things like

 permit ip network A any
 permit ip network B any

then all traffic from remote office to A or B will be encrypted.

But how can I specify the *ALL but one* ?

Thanks for your help,

DT

dt1649651

Thanks, Jyri. My VPN terminator is a Cisco router. I have no problem accessing the remote LANs or the Internet (through the VPN gateway).

My problem is that I would not be able to access the local LAN if I did not add one more ACL to allow the traffic between my local LAN subnet and the VPN subnet.

I turned on debugging and saw that all my packets from my notebook to my local server (yes, absolutely local) go to the router and then come back.

That's why I am looking for a setting with which the VPN Client will not tunnel my local traffic to the VPN terminator router.

DT

dt1649651

I'm not sure if I understood you correctly, but here we go:

There's no need to exclude the local LAN IP range from the VPN tunnel definition. PIX acts as a gateway and when devices in the same network talk to each other they will not use any gateways. So if your remote LAN has an IP range 192.168.1.0/24 then you can use an access-list like

access-list VPN permit ip 192.168.1.0 255.255.255.0 any

if you want all outgoing traffic to go through the tunnel.

Jyri Korhonen

If you are using split tunnel then only traffic in the secured routes will go via the tunnel; all your other traffic will go via your local NIC. If you are seeing the above behaviour then I think the split tunnel is not set correctly.

rave

That's true. My problem here is if I set up for a finite set of routes, then I can just list those routes in the ACL and it works.

But in this case, I would like to set *all* routes except one to go to the tunnel. How can I exclude just one route?

Thanks,

DT

dt1649651
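One way to express "all but one" on a Cisco router, shown here as an added illustration rather than configuration taken from this thread (the subnets, the ACL and map names, the peer address, the transform-set name and the excluded destination 192.168.2.0/24 are all assumed). In a crypto ACL a deny entry means "do not protect with IPsec" (the packet is forwarded in the clear, not dropped), and the list is evaluated first-match, so a deny for the exception placed ahead of a catch-all permit carves that one route out of the tunnel. For the Cisco VPN Client case in the second post, the relevant knob is not the ACL at all but the server-side include-local-lan attribute together with the client's "Allow Local LAN Access" option:

```cisco
! Site-to-site: remote-office LAN 192.168.1.0/24 (assumed), everything tunnelled
! EXCEPT traffic to 192.168.2.0/24 (assumed). "deny" in a crypto ACL = send in
! the clear; first match wins, so the exception precedes the catch-all permit.
ip access-list extended VPN-TRAFFIC
 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set ESP-AES-SHA
 match address VPN-TRAFFIC
!
! Remote-access (Cisco VPN Client) on an IOS Easy VPN server: no split-tunnel
! ACL, so all client traffic is tunnelled, and include-local-lan lets the client
! keep its directly connected subnet local. The client must also have
! "Allow Local LAN Access" ticked on the connection entry (Transport tab).
crypto isakmp client configuration group REMOTE-USERS
 key <pre-shared-key>
 pool VPN-POOL
 include-local-lan
```

Two caveats worth checking before relying on this. A denied crypto ACL entry still needs an ordinary route (and any NAT the router does) for that destination, otherwise the "excluded" traffic simply has nowhere to go. And local LAN access makes the notebook a host on two networks at once, the untrusted local one and the corporate one behind the tunnel, which is exactly why many VPN policies leave it disabled; it also only works when the local subnet does not overlap an address range reachable through the tunnel.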
