You want to enable split tunneling in a Cisco PIX 500 series, which is often running v6.3.
You need to enable this in the VPN group. Note, this method is slightly different than what is done to enable split tunneling on a newer Cisco PIX or Cisco ASA. This article is based on Cisco’s article on enabling split tunneling on the Cisco PIX.
We’ll assume that you have the IPSEC VPN already configured. Our sample VPN settings are:
vpngroup myvpnpix address-pool dspool
vpngroup myvpnpix dns-server 192.168.50.30 192.168.50.13
vpngroup myvpnpix wins-server 192.168.50.11
vpngroup myvpnpix default-domain example.com
vpngroup myvpnpix idle-time 1800
vpngroup myvpnpix password ********
Notice that our address pool just happens to be within the normal LAN range:
ip local pool dspool 192.168.50.200-192.168.50.210
In most situations however, it would be another range, such as:
ip local pool dspool 192.168.51.10-192.168.51.50
It doesn’t matter really.
So next we need to setup our split tunnel access list:
access-list split_tunnel_list remark Specify our internal network.
access-list split_tunnel_list remark The first 192.168.50.0 is for the internal network.
access-list split_tunnel_list remark The second 192.168.50.0 is the VPN IP pool. It could have been another range entirely.
access-list split_tunnel_list permit ip 192.168.50.0 255.255.255.0 192.168.50.0 255.255.255.0
Then, add the split tunneling configuration to the VPN group:
vpngroup myvpnpix split-tunnel split_tunnel_list
Be sure to write the running config to memory so this is preserved across reboots.