
Split Tunnelling

marman
Level 1

Hi,

Can anyone tell me in fairly simplistic terms what is meant by split tunnelling?

Thanks

2 Replies

prasadrp
Level 1

With Split-Tunneling disabled, when a remote VPN user gets connected to the VPN termination device, he cannot access the Internet, even though he is establishing the VPN tunnel through the Internet. So, he is only able to access the resources on the other side of the VPN tunnel. If he wishes to access the Internet, it should be via the central location to which he got connected via VPN.

With split-tunneling enabled, the remote VPN user is allowed to access the Internet at the same time that the user is allowed to access resources on the VPN. So when there is traffic for resources on the VPN tunnel, it would be sent across via the tunnel, but when there is traffic for the Internet, it would be via the local modem/NIC. It can also be used to enable access to, perhaps, his local networked printer. Since the Internet traffic does not pass through the VPN server, it conserves bandwidth.

But a major disadvantage is that hackers from the Internet might get onto your corporate network through your PC and then over the VPN tunnel which is already established.

mostiguy
Level 6

Briefly - not tunnelling all outbound traffic from a vpn connected site/host

Basically, many vpn products, especially for remote access users, tunnel all outbound traffic from the vpn connected end user's machine back to the corporate network. This would include internet traffic. Many companies think this is a good thing, as it allows them to continue to enforce web proxying/filtering capabilities for remote users.

If companies do not want to do such things though, the additional bandwidth utilization of sending the internet traffic to the corporate hub site, and the possible requirement to run a proxy, are an annoyance. Deploying split tunnelling means only tunnelling certain traffic to the hub.

Split tunnelling is frequently required on PIX based vpns, because they do not allow traffic to leave the same interface it arrived on. Long story short, this means with end user vpn setups on the pix, you either need to deploy split tunnelling, or have the users use a proxy at the corporate hub. This quirk will be resolved in PIX OS 7.0. 3000 series concentrators and IOS devices do not have this issue.
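
The routing behaviour described in the replies above, modelled as an added example that is not part of the original thread: it builds the remote client's routing table with split tunnelling disabled and enabled, then resolves sample destinations by longest-prefix match. The corporate prefixes, gateway address and sample destinations are constructed values chosen for illustration.

```python
import ipaddress

# Constructed sample values (assumptions for illustration, not from the thread).
CORPORATE_NETS = ["10.0.0.0/8", "172.16.0.0/12"]  # networks behind the VPN hub
VPN_GATEWAY = "203.0.113.10"                      # public address of the VPN device

def build_routes(split_tunnel):
    """Model the remote client's routing table as (network, interface) pairs."""
    # The encrypted tunnel packets themselves always leave via the local NIC.
    routes = [(ipaddress.ip_network(VPN_GATEWAY + "/32"), "local")]
    if split_tunnel:
        # Only the corporate prefixes go into the tunnel; the rest stays local.
        routes += [(ipaddress.ip_network(n), "tunnel") for n in CORPORATE_NETS]
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "local"))
    else:
        # Full tunnel: the default route points into the tunnel.
        routes.append((ipaddress.ip_network("0.0.0.0/0"), "tunnel"))
    return routes

def egress(dest, routes):
    """Pick the interface by longest-prefix match, as an IP stack would."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def dual_homed(routes):
    """True when the client reaches the Internet directly while the tunnel is
    up: the exposure described in the first reply."""
    return (egress("198.51.100.7", routes) == "local"
            and egress("10.1.2.3", routes) == "tunnel")

if __name__ == "__main__":
    samples = {"corporate server": "10.1.2.3", "Internet site": "198.51.100.7",
               "home printer": "192.168.1.20", "VPN gateway": VPN_GATEWAY}
    for mode in (False, True):
        routes = build_routes(mode)
        print("split tunnelling", "enabled" if mode else "disabled")
        for name, ip in samples.items():
            print(f"  {name:16} {ip:14} -> {egress(ip, routes)}")
        print("  dual-homed:", dual_homed(routes))
```

When `dual_homed` returns true, the client's own host firewall is the only control between the Internet-facing interface and the tunnel, since its Internet traffic no longer passes through the corporate proxy or filter.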