MAC - Built In VPN - Cisco IPSec - Split Tunneling

I set up my built in MAC VPN (Cisco IPSec) client, but it does not appear the client is getting my split tunnel details. It routes all traffic over VPN in the split tunnel list, and any traffic that is not configured to go down the VPN tunnel appears to just get dropped and it just does not pass that traffic out the local internet connection. On the MAC built in VPN (L2TP) configuration in advanced options, you see a check box for "Send all traffic over VPN connection", but that option is not available in the MAC built in VPN (Cisco IPSec). Would this check box be similar to the Cisco client, "allow local lan access"? That particular feature allows for split tunneling in the Cisco client. Is there a way for the built in VPN (Cisco IPSec) client to get the split tunnel rules? Thanks

Posted on Aug 31, 2011 5:49 AM


Sep 1, 2011 2:58 AM in response to TheJackMan

TheJackMan wrote:


I set up my built in MAC VPN (Cisco IPSec) client, but it does not appear the client is getting my split tunnel details. It routes all traffic over VPN in the split tunnel list, and any traffic that is not configured to go down the VPN tunnel appears to just get dropped and it just does not pass that traffic out the local internet connection. On the MAC built in VPN (L2TP) configuration in advanced options, you see a check box for "Send all traffic over VPN connection", but that option is not available in the MAC built in VPN (Cisco IPSec). Would this check box be similar to the Cisco client, "allow local lan access"? That particular feature allows for split tunneling in the Cisco client. Is there a way for the built in VPN (Cisco IPSec) client to get the split tunnel rules? Thanks

I have not set up the Cisco VPN server end, but I have used a Cisco system from the Client end. I can therefore tell you often the IT department will have set policies in the Cisco VPN server to force all traffic to go via their system whether you as a user would prefer or not. This allows them to monitor and filter all the traffic.


Apple's own VPN server can be configured in a similar way, although I chose to allow non-work traffic to go via the user's own connection.

Sep 1, 2011 7:18 AM in response to John Lockwood

Thanks John, I manage the back end VPN appliance and have a split-tunnel rule for 1 particular site. It works fine with the vendor's client on the MAC, but with the MAC built in Cisco IPSec client/configuration, the traffic does not go anywhere. All other traffic goes down the tunnel fine, but the 1 site/I.P. we split tunnel goes nowhere.




The MAC built in VPN (L2TP) has the option to "Send all traffic over VPN connection" but the MAC Cisco IPSec configuration does not have that option/checkbox.


I am just wondering if there is somewhere else I can be setting that on the client.

Sep 1, 2011 7:58 AM in response to TheJackMan

TheJackMan wrote:


Thanks John, I manage the back end VPN appliance and have a split-tunnel rule for 1 particular site. It works fine with the vendor's client on the MAC, but with the MAC built in Cisco IPSec client/configuration, the traffic does not go anywhere. All other traffic goes down the tunnel fine, but the 1 site/I.P. we split tunnel goes nowhere.




The MAC built in VPN (L2TP) has the option to "Send all traffic over VPN connection" but the MAC Cisco IPSec configuration does not have that option/checkbox.


I am just wondering if there is somewhere else I can be setting that on the client.

Apparently Mac OS X uses Apple's own GUI frontend to the standard command line pppd software. However Apple's GUI frontend is taking the settings in System Preferences and building the command line instructions on-the-fly rather than using the usual /etc/ppp/ stored config files Linux might use as an example. I believe the config file that Network Preferences (in System Preferences) uses for storing its settings is located at


/Library/Preferences/SystemConfiguration/preferences.plist


Having had a quick look at it, this seems the right file but I am not sure that is going to help you.


It does mean it is potentially possible for you to build your own set of pppd settings and generate your own command line to connect, and maybe that way you can achieve what you want. However another option that might be easier is to consider installing one of the two official Cisco VPN clients for Mac OS X, these being Cisco AnyConnect and Cisco VPN Client.


You might want to have a look at the Unix man page for pppd (available in Terminal.app) and this webpage http://www.jms1.net/osx-vpn-routing.shtml
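An added example, not part of the original post: a read-only audit of the preferences file named above that lists each VPN service and whether an "all traffic" setting is stored for it. It assumes the SystemConfiguration layout `NetworkServices` > service > `Interface` / `IPv4`, with the L2TP checkbox stored as `IPv4` > `OverridePrimary`; those key names and the sample plist are assumptions and constructed data, not something stated in the thread.

```python
import plistlib

# Constructed sample in the assumed layout of
# /Library/Preferences/SystemConfiguration/preferences.plist (not a real dump).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict><key>NetworkServices</key><dict>
 <key>SVC-ETH</key><dict>
  <key>UserDefinedName</key><string>Ethernet</string>
  <key>Interface</key><dict><key>Type</key><string>Ethernet</string></dict>
  <key>IPv4</key><dict><key>ConfigMethod</key><string>DHCP</string></dict>
 </dict>
 <key>SVC-IPSEC</key><dict>
  <key>UserDefinedName</key><string>VPN (Cisco IPSec)</string>
  <key>Interface</key><dict><key>Type</key><string>IPSec</string></dict>
  <key>IPv4</key><dict><key>ConfigMethod</key><string>Automatic</string></dict>
 </dict>
 <key>SVC-L2TP</key><dict>
  <key>UserDefinedName</key><string>VPN (L2TP)</string>
  <key>Interface</key><dict><key>Type</key><string>PPP</string>
   <key>SubType</key><string>L2TP</string></dict>
  <key>IPv4</key><dict><key>ConfigMethod</key><string>PPP</string>
   <key>OverridePrimary</key><integer>1</integer></dict>
 </dict>
</dict></dict></plist>"""

PPP_VPN_SUBTYPES = {"L2TP", "PPTP"}  # skip PPPoE / modem PPP services


def vpn_services(prefs):
    """Return (name, kind, routing) for every VPN service in a parsed plist."""
    found = []
    for sid, svc in sorted(prefs.get("NetworkServices", {}).items()):
        iface = svc.get("Interface", {})
        kind = iface.get("Type")
        if kind == "PPP" and iface.get("SubType") in PPP_VPN_SUBTYPES:
            kind = iface["SubType"]
        elif kind != "IPSec":
            continue  # not a VPN service
        ipv4 = svc.get("IPv4", {})
        if "OverridePrimary" not in ipv4:
            routing = "not set in plist"
        elif ipv4["OverridePrimary"]:
            routing = "all traffic"
        else:
            routing = "VPN routes only"
        found.append((svc.get("UserDefinedName", sid), kind, routing))
    return found


if __name__ == "__main__":
    for row in vpn_services(plistlib.loads(SAMPLE)):
        print("%-20s %-6s %s" % row)
```

To audit a real machine, replace `plistlib.loads(SAMPLE)` with `plistlib.load(open(path, "rb"))` on a copy of the file.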
