Internet access gets disabled when VPN connection is established

Similarly, VPN users complain that they cannot access other resources on their home network when the VPN connection is established.

This generally happens as a result of split-tunneling being disabled. While split-tunneling can pose security risks, these risks can be mitigated to a point by having strong, enforced security policies in place and automatically pushed to the client upon connection (for example, a policy could require that current antivirus software be installed, or that a firewall be present). On a PIX, use this command to enable split tunneling:

vpngroup vpngroupname split-tunnel split_tunnel_acl

You should have a corresponding access-list command that defines what will come through the encrypted tunnel and what will be sent out in the clear. For example, access-list split_tunnel_acl permit ip any, or whatever your IP range is.
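
An added example, not from the original page: a small Python check that reads a PIX configuration and reports, for each vpngroup, whether split tunneling is enabled and whether the access list it names is actually defined. The sample configuration, group names, ACL names and addresses are constructed for illustration.

```python
import re

# Constructed sample PIX configuration (names and addresses are made up).
SAMPLE_CONFIG = """\
access-list split_tunnel_acl permit ip 10.0.0.0 255.255.255.0 any
vpngroup sales address-pool vpnpool
vpngroup sales split-tunnel split_tunnel_acl
vpngroup support address-pool vpnpool
vpngroup partners address-pool vpnpool
vpngroup partners split-tunnel partners_acl
"""

def audit_split_tunnel(config_text):
    """Return {group: (status, acl_entries)} for every vpngroup in the config.

    status is "disabled" (no split-tunnel line, so all client traffic goes
    through the tunnel), "missing-acl" (the named ACL is not defined), or "ok".
    """
    acls = {}    # ACL name -> list of rule strings
    groups = {}  # group name -> split-tunnel ACL name, or None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"access-list\s+(\S+)\s+((?:permit|deny)\s+.+)$", line)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = re.match(r"vpngroup\s+(\S+)\s+(\S+)(?:\s+(\S+))?", line)
        if m:
            name, keyword, arg = m.groups()
            groups.setdefault(name, None)
            if keyword == "split-tunnel":
                groups[name] = arg
    report = {}
    for name, acl in groups.items():
        if acl is None:
            report[name] = ("disabled", [])
        elif acl not in acls:
            report[name] = ("missing-acl", [])
        else:
            report[name] = ("ok", acls[acl])
    return report

if __name__ == "__main__":
    for group, (status, entries) in audit_split_tunnel(SAMPLE_CONFIG).items():
        print(f"{group}: {status} {entries}")
```

A group reported as "disabled" matches the symptom described above; "missing-acl" means the split-tunnel line points at an access list that does not exist in the configuration.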
