
Split Tunneling - PIX 501


dkraut

IS-IT--Management
Feb 5, 2003
75
US
Have a PIX 501 with client VPN setup. Clients connect fine but cannot use local network resources when connected. I know this is by design but even after I enable "Local LAN Access" on the VPN client, I still cannot access local resources while connected. Examining the client statistics, I noticed that it says LAN Access is disabled even though I enabled it on the client? I'm guessing that it's disabled on the PIX itself. Can someone tell me how to enable split tunneling on the PIX 501? I know it allows for a potential security hole but this is a group of high maintenance users and they will not accept not being able to access local network resources while connected to the office VPN.
 
I guess the biggest question revolves around what type of business are you? If it's Healthcare, then the HIPAA laws come into play when you talk about creating a humungous gaping hole for people to come into your network from...

If there isn't a large need for security, then split tunneling shouldn't be a problem.. I guess the biggest thing is to weigh your choices... in our business here, Split Tunnelling can open up liability.

Here are the commands for Split Tunneling..

vpngroup <groupname> split-tunnel <ACL NAME>
access-list <ACL NAME> permit ip <vpn subnet> <netmask>

Computer/Network Technician
CCNA
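
An added example, not from the thread or from Cisco: a small Python audit that reads a PIX 6.x configuration and reports which `vpngroup`s have split tunneling enabled, which ACL entries scope the tunnel, and which groups reference a missing or unscoped ACL. The sample config, its group and ACL names, its addresses, and the two-address `access-list` layout (office network, then VPN client pool) are assumptions made for the example.

```python
# Constructed sample PIX 6.x configuration; names and addresses are made up.
SAMPLE_CONFIG = """\
access-list split_office permit ip 192.168.1.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list wide_open permit ip any 192.168.100.0 255.255.255.0
ip local pool vpnpool 192.168.100.1-192.168.100.50
vpngroup staff address-pool vpnpool
vpngroup staff split-tunnel split_office
vpngroup contractors address-pool vpnpool
vpngroup legacy split-tunnel old_acl
vpngroup lab split-tunnel wide_open
"""


def audit_split_tunnel(config):
    """Return {vpngroup: report} describing each group's tunnel mode."""
    acls = {}    # ACL name -> list of permit/deny entry strings
    groups = {}  # vpngroup name -> split-tunnel ACL name, or None
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "access-list" and tok[2] in ("permit", "deny"):
            acls.setdefault(tok[1], []).append(" ".join(tok[2:]))
        elif len(tok) >= 3 and tok[0] == "vpngroup":
            groups.setdefault(tok[1], None)
            if tok[2] == "split-tunnel" and len(tok) >= 4:
                groups[tok[1]] = tok[3]

    report = {}
    for name, acl in groups.items():
        if acl is None:
            # No split-tunnel line: all client traffic goes through the tunnel.
            report[name] = {"mode": "full-tunnel", "acl": None,
                            "entries": [], "findings": []}
            continue
        entries = acls.get(acl, [])
        findings = []
        if acl not in acls:
            findings.append("split-tunnel ACL is not defined in this config")
        for entry in entries:
            if "any" in entry.split():
                findings.append("entry uses 'any': " + entry)
        report[name] = {"mode": "split-tunnel", "acl": acl,
                        "entries": entries, "findings": findings}
    return report


if __name__ == "__main__":
    for group, info in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(group, info["mode"], info["acl"], info["findings"])
```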
 
LloydSev, We're not HIPAA restrained and I understand the ramifications but this is a small group of high maintenance users! :)
Split tunneling is working now. Thanks!

Best regards,

Dave
 