Split-Tunneling on a PIX LAN-to-LAN IPsec Tunnel

Discussion in 'Cisco' started by Greg, Dec 7, 2006.

  1. Greg

    Greg Guest

    I've set up split-tunneling on a PIX for VPN clients but this is the
    first for a PIX-to-PIX tunnel. Is there a way of setting up the spoke PIX
    in a LAN-to-LAN IPsec tunnel to do split-tunneling?

    Is this done through an access-list instead of a command? I've set up
    split-tunneling on a PIX for VPN clients but this is the first for
    a PIX-to-PIX tunnel.
     
    Greg, Dec 7, 2006
    #1

  2. Your LAN-to-LAN tunnel will be written in terms of crypto map policy,
    one item of which will be a "match address" clause that indicates
    an ACL name. Anything matched by that ACL *after all relevant translations*
    is sent through the VPN. So if you want the effect of split-tunnel,
    make the ACL match only that which you want to send over.

    Note: the match address ACL should be written as for what you
    would expect for data from the interior out of the PIX; the ACL
    will automatically be read "backwards" for incoming traffic.
     
    Walter Roberson, Dec 7, 2006
    #2
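
A spoke-side configuration sketch of what the answer above describes, added here as an illustration and not taken from the thread. PIX 6.x command syntax is assumed; the ACL, transform-set and crypto map names and all addresses (spoke LAN 192.168.10.0/24, hub LAN 10.1.0.0/16, hub peer 203.0.113.1) are constructed, and the ISAKMP policy and pre-shared key lines are left out.

```cisco
! Added example, constructed values: spoke LAN 192.168.10.0/24,
! hub LAN 10.1.0.0/16, hub peer 203.0.113.1. Names are hypothetical.
!
! Crypto ACL, written from the spoke's inside outward (source = spoke LAN).
! Only spoke-to-hub-LAN traffic matches, so only that is tunneled.
access-list VPN-TO-HUB permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0
!
! Tunnel-everything variant, for contrast (not applied here):
!   access-list VPN-TO-HUB permit ip 192.168.10.0 255.255.255.0 any
!
! NAT exemption for the same flows, so the packets still carry their
! real addresses when they are compared against the crypto ACL.
access-list NONAT permit ip 192.168.10.0 255.255.255.0 10.1.0.0 255.255.0.0
nat (inside) 0 access-list NONAT
!
! Everything else is PATed to the outside interface and bypasses the tunnel.
nat (inside) 1 0.0.0.0 0.0.0.0
global (outside) 1 interface
!
crypto ipsec transform-set HUB-SET esp-3des esp-sha-hmac
crypto map SPOKE-MAP 10 ipsec-isakmp
crypto map SPOKE-MAP 10 match address VPN-TO-HUB
crypto map SPOKE-MAP 10 set peer 203.0.113.1
crypto map SPOKE-MAP 10 set transform-set HUB-SET
crypto map SPOKE-MAP interface outside
```

The hub's crypto ACL for this peer should be the mirror image (source 10.1.0.0/16, destination 192.168.10.0/24); mismatched ACLs on the two ends are a common reason the tunnel fails to negotiate.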

  3. Greg

    Greg Guest

    So it IS done through access-list.

    Thanks!


     
    Greg, Dec 8, 2006
    #3
