[c-nsp] PIX VPN changes from 6.3.4 to 7.0.x ?
Garry
gkg at gmx.de
Thu Nov 10 02:47:10 EST 2005
Jared Brown wrote:
> group-policy vpnclient attributes
> wins-server value x.x.x.x
> dns-server value x.x.x.x
> split-tunnel-policy tunnelspecified
> split-tunnel-network-list value split_tunnel
> default-domain value xxxxx.com
>
> access-list split_tunnel standard permit x.x.x.x x.x.x.x (where x.x.x.x is the
> subnet that traffic needs to tunnel to)
>
Hm ... current config looks pretty similar, except that the access-list
is like this:
access-list test_splitTunnelAcl extended permit ip custom-int-net
255.255.255.0 any
access-list test_splitTunnelAcl extended permit ip custom-dmz-net
255.255.255.0 any
access-list test_splitTunnelAcl extended deny ip any any
(I added the last line even though the deny any any should be implicit
... didn't help or hurt AFAICT)
Tnx, -gg
More information about the cisco-nsp
mailing list