Hi guys
I've set up split tunnel, and i can still not surf while connected to VPN. this is the PIX 506e conf:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password Jio6GID60K5fCx3I encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.135.0 vpn
access-list compiled
access-list 101 permit ip any vpn 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any vpn 255.255.255.192
ip local pool Pool1 192.168.135.1-192.168.135.50
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 outside_gateway 1
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup mygroup address-pool Pool1
vpngroup mygroup dns-server 194.239.134.83
vpngroup mygroup default-domain mydom.com
vpngroup mygroup split-tunnel outside_cryptomap_dyn_20
vpngroup mygroup idle-time 1800
vpngroup mygroup password ********
: end
took out non ess parts..
I've set up split tunnel, and i can still not surf while connected to VPN. this is the PIX 506e conf:
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password Jio6GID60K5fCx3I encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 192.168.135.0 vpn
access-list compiled
access-list 101 permit ip any vpn 255.255.255.192
access-list outside_cryptomap_dyn_20 permit ip any vpn 255.255.255.192
ip local pool Pool1 192.168.135.1-192.168.135.50
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 outside_gateway 1
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup mygroup address-pool Pool1
vpngroup mygroup dns-server 194.239.134.83
vpngroup mygroup default-domain mydom.com
vpngroup mygroup split-tunnel outside_cryptomap_dyn_20
vpngroup mygroup idle-time 1800
vpngroup mygroup password ********
: end
took out non ess parts..
