Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 33 Configuring Policy Objects for Remote Access VPNs
Add or Edit User Group Dialog Box
User Group Dialog Box—Split Tunneling
Split tunneling lets a remote client conditionally direct packets over an IPsec or SSL VPN tunnel in
encrypted form or to a network interface in clear text form. With split tunneling enabled, packets not
bound for destinations on the other side of the tunnel do not have to be encrypted, sent across the tunnel,
decrypted, and then routed to a final destination.
The split tunneling policy is applied to a specific network. When you configure split tunneling, you can
transmit both secured and unsecured traffic on the same interface. You must specify which traffic will
be secured and what the destination of that traffic is, so that you have a secure tunnel to the central site,
while the clear (unsecured) traffic is transmitted across the public network.
Tip: For optimum security, we recommend that you not enable split tunneling.
Note: Split tunneling can be applied in Easy VPN, remote access VPN, and SSL VPN configurations. For
information about configuring split tunneling for SSL VPN, see User Group Dialog Box—SSL VPN
Split Tunneling, page 33-70.
Navigation Path
Select Split Tunneling from the table of contents in the Add or Edit User Group Dialog Box, page 33-58
when configuring Easy VPN/Remote Access IPSec VPN.
Field Reference
Table 33-46 User Group Dialog Box—Split Tunneling
Element: Split Tunneling
Description: The networks for which you want to tunnel traffic. Traffic to all other
addresses travels in the clear and is routed by the remote user’s Internet
service provider. You can identify the networks using one of these options:
  • Protected Networks—Specify the networks by network addresses. Enter the
    addresses or network/host objects, or click Select to select the objects
    from a list or to create new objects. For information on specifying
    addresses, see Specifying IP Addresses During Policy Definition, page 6-81.
  • ACL—Specify the networks using an extended access control list policy
    object. Enter the name of the object or click Select to select the object
    from a list or to create a new object.

Element: Split DNS
Description: A list of domain names that must be tunneled or resolved to the
private network. All other names will be resolved through the public DNS server.
You can enter multiple domain names separated by commas.
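
The following is an added example, not part of the Cisco guide and not Security Manager code: a small Python model of the two fields above that a reviewer can use to see which destinations a split-tunnel policy leaves in the clear. The networks, domain names, and the whole-label domain matching rule are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample policy; the networks and domains are placeholders.
PROTECTED_NETWORKS = ["10.0.0.0/8", "192.168.50.0/24"]
SPLIT_DNS = "corp.example, lab.example"  # comma-separated, as in the Split DNS field


def parse_policy(networks, split_dns):
    """Normalize both fields into network objects and lowercase domain suffixes."""
    nets = [ipaddress.ip_network(n, strict=True) for n in networks]
    domains = [d.strip().lower().rstrip(".") for d in split_dns.split(",") if d.strip()]
    return nets, domains


def path_for(dest_ip, nets):
    """Return 'tunnel' if the destination is in a protected network, else 'clear'."""
    addr = ipaddress.ip_address(dest_ip)
    return "tunnel" if any(addr in n for n in nets) else "clear"


def resolver_for(name, domains):
    """Return 'private' for names under a split-DNS domain, else 'public'.

    Assumption: matching is on whole DNS labels, so 'notcorp.example'
    does not match 'corp.example'.
    """
    name = name.lower().rstrip(".")
    for d in domains:
        if name == d or name.endswith("." + d):
            return "private"
    return "public"


def review(flows, nets, domains):
    """Classify (hostname, ip) pairs; flag private names whose traffic goes in the clear."""
    findings = []
    for host, ip in flows:
        path, resolver = path_for(ip, nets), resolver_for(host, domains)
        mismatch = resolver == "private" and path == "clear"
        findings.append((host, ip, resolver, path, mismatch))
    return findings
```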