We currently have a Nortel Contivity (IPSEC), and we are piloting a Juniper 2500 (So far we love it).
For NC, we've allowed split-tunneling only to the local subnet (printers and such).
So to me, that sounds like everything ELSE should be sent through the tunnel (Just like IPSEC). But that's not the case.
If a user is connected via NC, and tries to go to google.com, instead of being sent to/through NC and our corporate internet...it just goes nowhere....
I'm sure this is probably just a simple option, but I can't quite find it.
Any help would be greatly appreciated.
What does your split-tunnel ACL and access ACL looks like? Also, verify the user has DNS access via NC.
I'm guessing this is a problem with proxy settings, and not split-tunneling per se. How are your proxy settings normally set? How does the SA change them?