I have an interesting problem which seems that no one else has. I am deploying many 501 PIX out to locations which will connect to my 515 PIX using Easy VPN. The 501s are using network-extension mode. Since the locations will be on the domain and I'll be controlling their internet access via Group Policy, I want to enable Split-Tunneling. Easy enough.
However, when I setup the split tunneling on the 515 PIX, all traffic is still passed through the tunnel. The config looks good to me. Here are the relevant lines of code on the 515.
access-list split permit ip 10.*.*.0 255.255.255.0 172.2*.0.0 255.255.0.0
vpngroup BreakTime dns-server *.*.*.*
vpngroup BreakTime split-tunnel split
vpngroup BreakTime idle-time 1800
vpngroup BreakTime password ************
vpngroup idle-time idle-time 1800
Am I missing something here?
Shon
Network Administrator
However, when I setup the split tunneling on the 515 PIX, all traffic is still passed through the tunnel. The config looks good to me. Here are the relevant lines of code on the 515.
access-list split permit ip 10.*.*.0 255.255.255.0 172.2*.0.0 255.255.0.0
vpngroup BreakTime dns-server *.*.*.*
vpngroup BreakTime split-tunnel split
vpngroup BreakTime idle-time 1800
vpngroup BreakTime password ************
vpngroup idle-time idle-time 1800
Am I missing something here?
Shon
Network Administrator