enabling certain VPN groups to have internet access on 506e

[caswcu]

From reading the document on cisco it appears all I have to do is add these two lines

access-list 101 permit ip <my internal ip address of my PIX> 255.255.0.0 <.0 of the starting range of my pool 192.168.123.0 ?? > 255.255.0.0

vpngroup specialusers split-tunnel 101

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009442e.shtml

 

[NetworkGhost]

Not internal ip of the pix but internal network range of the hosts you want vpn users to access.

The split tunnel command basically tells the client if it isnt heading for a subnet in the 101 address dont encrypt and send out to the merry old internet.

 

[StomII]

Hello NetworkGhost,

This means that the permit rule tells the pix which traffic should be encrypted? right.

This means
acesslist splittunnel permit ip 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
all traffic is encrypted -> no spilt tunnel allowed

accesslist splittunel permit ip central network remote vpn network

only traffic remote -> central is encrypted -> split tunnel allowed for all other traffic.

But what can I do If I only like access to on or to internet IP addresses?

Best Regards,
Marcus