
PIX 501 Split-tunnel


StomII

Hello forum,

I have a little problem/question with PIX VPN and split-tunnel.

PIX OS 6.3.5

I have:

access-list 103 permit ip 192.168.20.0 255.255.255.0 192.168.50.0 255.255.255.0

ip local pool test 192.168.50.0 mask 255.255.255.0

vpngroup test address-pool test
vpngroup test default-domain test
vpngroup test split-tunnel 103
vpngroup test idle-time 1800

Now only packets for 192.168.20.0/24 are sent to the tunnel.

So far so good :)

Now I would like to invert the access.

All traffic should be sent to the tunnel. Only the traffic to 193.150.167.7 should not be tunneled.

I tried to do:
access-list 103 deny ip host 193.150.167.7 192.168.50.0 255.255.255.0

But this does not work. All traffic is sent to the tunnel again.

Adding all networks and hosts (without 193.150.167.7) to the
allow part does not make any sense, I think.

Many thanks for tips / ideas...

Marcus
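
What the approach mentioned at the end of the post (permitting every network except 193.150.167.7) would amount to, as an added example that is not part of the original post. It reuses ACL 103 and the pool 192.168.50.0/24 from the post; the function names are hypothetical, and whether PIX OS 6.3.5 handles a split-tunnel list of this shape is an assumption the page does not confirm.

```python
import ipaddress

# Values taken from the post.
ACL_ID = 103
EXCLUDED_HOST = "193.150.167.7"
POOL_NET, POOL_MASK = "192.168.50.0", "255.255.255.0"


def complement_of_host(host, universe="0.0.0.0/0"):
    """Smallest set of CIDR blocks covering `universe` minus one host.

    Excluding a single /32 from 0.0.0.0/0 leaves one sibling block per
    prefix length, 32 blocks in total.
    """
    whole = ipaddress.ip_network(universe)
    excluded = ipaddress.ip_network(f"{host}/32")
    return sorted(whole.address_exclude(excluded))


def split_tunnel_acl(acl_id, host, pool_net, pool_mask):
    """Render permit lines in the same shape as the post's access-list 103."""
    return [
        f"access-list {acl_id} permit ip "
        f"{net.network_address} {net.netmask} {pool_net} {pool_mask}"
        for net in complement_of_host(host)
    ]


def is_tunneled(dest, blocks):
    """True if `dest` matches one of the permit blocks (would enter the tunnel)."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in blocks)


if __name__ == "__main__":
    blocks = complement_of_host(EXCLUDED_HOST)
    for line in split_tunnel_acl(ACL_ID, EXCLUDED_HOST, POOL_NET, POOL_MASK):
        print(line)
    # Constructed spot checks: the excluded host and two other destinations.
    for dest in (EXCLUDED_HOST, "193.150.167.6", "192.168.20.5"):
        print(dest, "tunneled" if is_tunneled(dest, blocks) else "not tunneled")
```

The list is 32 entries long, and the last block before the gap is the neighbouring host 193.150.167.6, so a one-digit error in any entry either tunnels the excluded host or leaves part of the address space outside the tunnel.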
 