Specifying Address Translation Exception And Split Tunneling - Cisco 515E - PIX Restricted Bundle Getting Started Manual

Chapter 3 Scenario: IPsec Remote-Access VPN Configuration
Implementing the IPsec Remote-Access VPN Scenario

Specifying Address Translation Exception and Split Tunneling

Split tunneling lets a remote-access IPsec client conditionally direct packets over
an IPsec tunnel in encrypted form or to a network interface in clear text form.
The security appliance uses Network Address Translation (NAT) to prevent
internal IP addresses from being exposed externally. You can make exceptions to
this network protection by identifying local hosts and networks that should be
made accessible to authenticated remote users. (In this scenario, the entire inside
network 10.10.10.0 is exposed to all remote clients.)
In Step 10 of the VPN Wizard, perform the following steps:
Specify hosts, groups, and networks that should be in the list of internal resources
Step 1
made accessible to authenticated remote users.
To add or remove hosts, groups, and networks dynamically from the Selected
Hosts/Networks pane, click Add or Delete, respectively.
PIX 515E Security Appliance Getting Started Guide
3-16
78-17645-01