Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 29 Managing Remote Access VPNs: The Basics
Using the Remote Access VPN Configuration Wizard
Create Group Policy Wizard—Clientless and Thin Client Access Modes Page
In the Clientless and Thin Client page of the Create Group Policy wizard, you can configure the
Clientless and Thin Client modes to be used for accessing the corporate network in your SSL VPN.
Table 29-4 Create User Group Wizard—Full Tunnel Page (Continued)

Element: Split Tunnel Option
Description: Whether to allow split tunneling and if so, which traffic should be secured or transmitted unencrypted across the public network:
- Disabled—(Default) No traffic goes in the clear or to any other destination than the gateway. Remote users reach networks through the corporate network and do not have access to local networks.
- Tunnel Specified Traffic—Tunnel all traffic from or to the addresses listed in the Networks or Destinations field. Traffic to all other addresses travels in the clear and is routed by the remote user’s Internet service provider.
- Exclude Specified Traffic—Traffic goes in the clear from and to the addresses listed in the Networks or Destinations field. This is useful for remote users who want to access devices on their local network, such as printers, while they are connected to the corporate network through a tunnel.

Element: Networks (ASA device only.)
Description: If you select Tunnel Specified Traffic or Exclude Specified Traffic in the Split Tunnel Option, enter the name of the ACL object that defines the traffic to be tunneled or excluded. Click Select to select the object or to create a new object.

Element: Destinations (IOS device only.)
Description: If you select Tunnel Specified Traffic or Exclude Specified Traffic in the Split Tunnel Option, specify the IP addresses that define the traffic to be tunneled or excluded.
Enter network addresses such as 10.100.10.0/24 or host addresses such as 10.100.10.12. You can also enter the name of a network/host policy object, or click Select to select the object from a list or to create a new object. Separate multiple addresses with commas.

Element: Exclude Local LANs (IOS device only.)
Description: Whether to exclude local LANs from the encrypted tunnel. This option is available only if you selected the Exclude Specified Traffic split tunnel option. By selecting this option, you do not have to enter local LAN addresses into the destinations field to allow users to communicate with systems (such as printers) that are attached to their LAN.
When selected, this attribute disallows a non split-tunneling connection to access the local subnetwork at the same time as the client.

Element: Split DNS Names
Description: A list of domain names to be resolved through the split tunnel to the private network. All other names are resolved using the public DNS server.
Enter up to 10 entries in the list of domains, separated by commas. The entire string can be no longer than 255 characters.
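
The following Python sketch is an added example, not part of the Cisco guide or of Security Manager. It models how the three Split Tunnel Option values described in Table 29-4 treat traffic to a given address, and checks a Split DNS Names string against the stated limits. The mode labels and function names are hypothetical; it assumes the Destinations field holds literal addresses only (no policy object names) and does not model Exclude Local LANs.

```python
import ipaddress

# Hypothetical labels for the three Split Tunnel Option values in Table 29-4.
MODES = ("disabled", "tunnel_specified", "exclude_specified")

def parse_destinations(field):
    """Parse a comma-separated Destinations value into network objects."""
    nets = []
    for item in field.split(","):
        item = item.strip()
        if item:
            # A bare host such as 10.100.10.12 becomes a /32 network.
            # strict=True rejects entries like 10.100.10.12/24 (host bits set).
            nets.append(ipaddress.ip_network(item, strict=True))
    return nets

def disposition(mode, destinations, dest_ip):
    """Return 'tunnel' or 'clear' for traffic to dest_ip under the given mode."""
    if mode not in MODES:
        raise ValueError("unknown split tunnel option: %r" % mode)
    if mode == "disabled":
        return "tunnel"  # default: nothing leaves in the clear
    addr = ipaddress.ip_address(dest_ip)
    listed = any(addr in net for net in parse_destinations(destinations))
    if mode == "tunnel_specified":
        # Only listed addresses are protected; everything else goes via the ISP.
        return "tunnel" if listed else "clear"
    # exclude_specified: listed addresses bypass the tunnel.
    return "clear" if listed else "tunnel"

def check_split_dns(field):
    """Return a list of problems with a Split DNS Names value (empty if none)."""
    problems = []
    names = [n.strip() for n in field.split(",") if n.strip()]
    if len(names) > 10:
        problems.append("more than 10 domain entries (%d)" % len(names))
    if len(field) > 255:
        problems.append("string longer than 255 characters (%d)" % len(field))
    return problems

if __name__ == "__main__":
    # Constructed sample: 10.100.10.0/24 is from the guide, 203.0.113.5 is made up.
    for mode in MODES:
        print(mode, disposition(mode, "10.100.10.0/24", "203.0.113.5"))
```

Running the same destination through all three modes makes the review question concrete: under Tunnel Specified Traffic, any address missing from the list leaves the client unencrypted.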