split tunneling

Dear All

I am trying to set up split tunneling for our VPN users at work. I feel my config is correct but it does not work. I was looking for some feedback and maybe what I might be missing. I have pasted the relevant parts of my config below. If you require any more, please let me know.

Best Regards

Bhavesh

vpngroup ITIVPN address-pool vpnpool1

vpngroup ITIVPN dns-server 199.100.1.31 199.100.1.33

vpngroup ITIVPN default-domain ITI-AB.com

vpngroup ITIVPN split-tunnel ITIVPN_splitTunnelAcl

vpngroup ITIVPN split-dns iti.arabbank.plc arabbank.plc

vpngroup ITIVPN idle-time 1800

vpngroup ITIVPN max-time 1800

vpngroup ITIVPN password ********

access-list ITIVPN_splitTunnelAcl permit ip any any

access-list ITIVPN_splitTunnelAcl permit ip ITI 255.255.255.0 any

access-list ITIVPN_splitTunnelAcl permit ip 10.100.100.0 255.255.255.0 any

Reply to
BHAVESH PATEL

How are you trying to split up the VPN access? To separate out what is in work's IP range and everything else?

Reply to
Patrick

In article , BHAVESH PATEL wrote:
:I am trying to setup split tunneling for our VPN Users at work. I feel my
:config is correct but I does not work.

As you likely noticed, you did not get very many answers :-(

Your configuration appears to be that of a Cisco PIX. You are more likely to get PIX answers in the group comp.dcom.sys.cisco.

permit ip any any in a split-tunnel ACL tells the PIX that all IP traffic from anywhere to anywhere must be "protected" -- that is, must go through the tunnel. That leaves the following lines redundant and indeed you might as well not even specify split-tunnel in that case since you are instructing that you do not want anything allowed to go unprotected.

Reply to
Walter Roberson
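
The check Walter describes, as an added example (not code from any poster in this thread): a Python audit that finds the ACL each vpngroup names in split-tunnel and flags a permit ip any any entry together with the entries that follow it. The function names are hypothetical, the sample input is the split-tunnel config from the first post, and treating 0.0.0.0 0.0.0.0 as equivalent to any is an assumption of this example.

```python
import re

# Constructed input: the split-tunnel lines from the first post in the thread.
SAMPLE_CONFIG = """\
vpngroup ITIVPN address-pool vpnpool1
vpngroup ITIVPN split-tunnel ITIVPN_splitTunnelAcl
access-list ITIVPN_splitTunnelAcl permit ip any any
access-list ITIVPN_splitTunnelAcl permit ip ITI 255.255.255.0 any
access-list ITIVPN_splitTunnelAcl permit ip 10.100.100.0 255.255.255.0 any
"""

SPLIT_RE = re.compile(r"^vpngroup\s+(\S+)\s+split-tunnel\s+(\S+)$")
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(\S+)\s+(.+)$")


def take_endpoint(tokens):
    """Consume one address spec ('any', 'host X' or 'ADDR MASK') from tokens."""
    if not tokens:
        return "", []
    if tokens[0] == "any":
        return "any", tokens[1:]
    spec, rest = tokens[:2], tokens[2:]
    # Assumption: an all-zero address and mask means the same as 'any'.
    return ("any" if spec == ["0.0.0.0", "0.0.0.0"] else " ".join(spec)), rest


def audit_split_tunnel(config):
    """Per vpngroup: the ACL used, whether it tunnels everything, redundant lines."""
    groups, acls = {}, {}
    for line in (raw.strip() for raw in config.splitlines()):
        if m := SPLIT_RE.match(line):
            groups[m.group(1)] = m.group(2)
        elif m := ACL_RE.match(line):
            name, action, proto, rest = m.groups()
            src, tail = take_endpoint(rest.split())
            dst, _ = take_endpoint(tail)
            acls.setdefault(name, []).append(((action, proto, src, dst), line))
    report = {}
    for group, acl in groups.items():
        entries = acls.get(acl, [])
        hit = next((i for i, (key, _) in enumerate(entries)
                    if key == ("permit", "ip", "any", "any")), None)
        redundant = [] if hit is None else [text for _, text in entries[hit + 1:]]
        report[group] = {"acl": acl, "tunnel_all": hit is not None,
                         "redundant": redundant}
    return report


if __name__ == "__main__":
    for group, result in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(group, result)
```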
