Greetings,
We have a need to allow remote clients using a specific role to get access into our internal resources, but to also be able to browse the internet. I configured split tunneling so the remote clients can have access to their local resources (printers, local network drive), but as we know, the default route is set to use the VPN.
We're having issues with the clients' browser (IE version 8) authenticating through our proxy, so I figured I could use split tunneling to tell the remote clients to use the VPN if they're trying to access the corporate resources, but to use the physical adapter for everything else.
Is this possible? The split tunneling options in the admin guide don't necessarily help me.
Just some more details...
We're using an SA4500, version 6.5R5.
On IVE Role .. network connect configure split tunneling.
On IVE .. resource policies... network connect ... split tunneling configure all the internal resources the users should reach via tunnel. For example internal network 192.168.1.0/24 or host 10.10.10.10:80.
On resource policies...network connect...profiles configure DNS so the users can use the internal DNS for internal resources, but also the client DNS so they can resolve internet DNS names, if you have internal DNS for internal resources only.
So the user who connects via network connect will reach all the local resources and the internet, but ONLY what has to go to the networks which you configured on split tunneling rules will go into the tunnel.
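The routing outcome described in the reply above can be checked offline before rolling out a rule set. This is an added example, not part of the original thread and not Juniper's code: it is a simplified IPv4-only model that assumes an entry is either `network/prefix` or `host:port`, and the function names and sample destinations are constructed for illustration.

```python
import ipaddress

# Split-tunnel entries in the two forms quoted in the reply above.
SPLIT_TUNNEL_RULES = ["192.168.1.0/24", "10.10.10.10:80"]

# Constructed sample destinations (IP, TCP port) a remote client might contact.
SAMPLE_DESTINATIONS = [
    ("192.168.1.25", 445),   # inside the tunnelled /24
    ("10.10.10.10", 80),     # host rule, matching port
    ("10.10.10.10", 443),    # same host, port not listed in the rule
    ("192.168.2.5", 80),     # neighbouring subnet, no rule
    ("203.0.113.7", 443),    # internet address (documentation range)
]


def parse_rule(rule):
    """Return (network, port or None) for an entry such as '10.10.10.10:80'."""
    addr, _, port = rule.partition(":")
    # A bare host address becomes a /32 network.
    return ipaddress.ip_network(addr, strict=False), int(port) if port else None


def route_for(dest_ip, dest_port, rules=SPLIT_TUNNEL_RULES):
    """Return 'tunnel' if any rule covers the destination, otherwise 'direct'."""
    ip = ipaddress.ip_address(dest_ip)
    for network, port in map(parse_rule, rules):
        # A rule without a port covers every port on that network.
        if ip in network and port in (None, dest_port):
            return "tunnel"
    return "direct"


def audit(destinations, rules=SPLIT_TUNNEL_RULES):
    """Map each 'ip:port' destination to the path this model would choose."""
    return {f"{ip}:{port}": route_for(ip, port, rules) for ip, port in destinations}


if __name__ == "__main__":
    for dest, path in audit(SAMPLE_DESTINATIONS).items():
        print(f"{dest:20} -> {path}")
```

Anything reported as `direct` leaves through the client's physical adapter and never reaches the corporate proxy, so the rule list is also the list of what the proxy can see.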
Spacyfreak - that did the trick. Thanks for the help!
RasKal - I've actually tried using a special PAC file the way you suggested, but for some reason, the file keeps getting modified when it's downloaded to the client. I started a thread about this and opened a JTAC case, but I haven't gotten much of a response as to why that happens. The PAC file I created was supposed to direct everything through our proxy, but when the remote client logs in, there's a function to send everything directly out to the internet - through our corporate network, but bypassing the proxy. I've yet to figure out why that's happening.