Help with Split-Tunnel ACL

Discussion in 'Cisco' started by troute_kilgore@yahoo.com, Jun 13, 2007.

  1. Guest

    Gang, we have clients set up on a VPN, terminated with a PIX 515.
    Right now, I am not split tunneling.

    Is it possible that I set up an ACL to allow a split tunnel for ONLY a
    few IP addresses? For example...

    I would like my users to hit our external web server without going
    through the vpn, www.mydomain.com, but still have to go through our
    vpn for www.cnn.com

    I tried something like...

    access-list split permit ip any myexternaldomain.com
    vpngroup roadhog split-tunnel split

    that didn't work, and after reading the docs closer, it sounded like
    the split acl only tells the tunnel what to encrypt.

    Thanks for your help

    Kilgore
     
    , Jun 13, 2007
    #1

  2. Guest

    On Jun 13, 2:34 pm, wrote:
    > Gang, we have clients set up on a VPN, terminated with a PIX 515.
    > Right now, I am not split tunneling.
    >
    > Is it possible that I set up an ACL to allow a split tunnel for ONLY a
    > few IP addresses? For example...
    >
    > I would like my users to hit our external web server without going
    > through the vpn, www.mydomain.com, but still have to go through our
    > vpn for www.cnn.com
    >
    > I tried something like...
    >
    > access-list split permit ip any myexternaldomain.com
    > vpngroup roadhog split-tunnel split
    >
    > that didn't work, and after reading the docs closer, it sounded like
    > the split acl only tells the tunnel what to encrypt.
    >
    > Thanks for your help
    >
    > Kilgore


    Anyone? Is this even possible? I've tried with deny lists etc., and
    no resolve
     
    , Jun 14, 2007
    #2

  3. maco

    maco, Jun 14, 2007
    #3
