Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
1281
Views
0
Helpful
3
Replies

AnyConnect split tunnel for inside hosts

joshking1
Level 1
Level 1

ā€Ž12-04-2012 07:19 AM

Hi,

Please I have question about vpn split tunnel for internal hosts that we need to be accessed via the internet.

My split tunnel works ok but at the moment we want to exclude some of the tunneled domain hosts from being accessed via the tunnel but instead the vpn users will connect to them via the internet.

For example, my split-tunnelled dns are example1.com and example2.net, but i have a host sip.example1.com that is accessible via the tunnel (resolves internally) but also has a public address which resolves externally. We want the vpn user to only be able to connect to sip.example1.com via the internet instead of using the tunnel.

So I would like to split-tunnel by hostname or exclude some domain hosts from the split-tunnelled traffic.

Any suggestions or help will be appreciated.

Thanks               

Labels:
0 Helpful
3 Replies 3

Mariusz Bochen
Level 1
Level 1

ā€Ž01-02-2013 09:07 AM

Hi Joshking1,

How many other addresses are in use for the example1.com domain?

If there are not many you can specify all of them except the sip.example1.com as the split-dns value (without including the generic example1.com domain).

I think that's the only one way.

Regards

Mariusz

0 Helpful

joshking1
Level 1
Level 1
In response to Mariusz Bochen

ā€Ž01-02-2013 09:26 AM

Thanks Mariusz,

I have implemented a solution which seems to be working ok although I have not put it in my production network.

I have  combined the split-tunnel with internal ACL rule which prevents the remote vpn pool address from contacting the internal host address for sip.example1.com, so the client is currently accessing it via the internet only.

Hopefully, this should work ok for the other internal hosts I want the vpn client to connect to via the internet when I implement it in my production network !

Thanks

0 Helpful

Mariusz Bochen
Level 1
Level 1
In response to joshking1

ā€Ž01-03-2013 01:05 AM

Nice one

Thanks for the update.

Regards

Mariusz

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents