
AnyConnect split tunnel for inside hosts

joshking1
Level 1

Hi,

Please, I have a question about VPN split tunnel for internal hosts that we need to be accessed via the internet.

My split tunnel works OK, but at the moment we want to exclude some of the tunneled domain hosts from being accessed via the tunnel; instead, the VPN users will connect to them via the internet.

For example, my split-tunnelled DNS are example1.com and example2.net, but I have a host sip.example1.com that is accessible via the tunnel (resolves internally) but also has a public address which resolves externally. We want the VPN user to only be able to connect to sip.example1.com via the internet instead of using the tunnel.

So I would like to split-tunnel by hostname or exclude some domain hosts from the split-tunnelled traffic.

Any suggestions or help will be appreciated.

Thanks

3 Replies

Mariusz Bochen
Level 1

Hi Joshking1,

How many other addresses are in use for the example1.com domain?

If there are not many, you can specify all of them except sip.example1.com as the split-dns value (without including the generic example1.com domain).

I think that's the only way.

Regards

Mariusz

Thanks Mariusz,

I have implemented a solution which seems to be working ok although I have not put it in my production network.

I have combined the split-tunnel with an internal ACL rule which prevents the remote VPN pool address from contacting the internal host address for sip.example1.com, so the client is currently accessing it via the internet only.

Hopefully, this should work OK for the other internal hosts I want the VPN client to connect to via the internet when I implement it in my production network!

Thanks

Nice one

Thanks for the update.

Regards

Mariusz
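
The two approaches discussed in this thread, written out as an ASA configuration sketch. This is an added example, not configuration posted by either participant. The group-policy name, ACL name, VPN pool 10.99.0.0/24, internal host 10.1.1.50, the hostnames other than sip.example1.com, and the use of vpn-filter as the place for the ACL are all assumptions.

```cisco
! Added example. All names and addresses are constructed placeholders:
!   VPN-USERS-GP  group policy applied to the AnyConnect users
!   10.99.0.0/24  remote VPN address pool
!   10.1.1.50     internal address of sip.example1.com
!
! Starting point described in the question: both whole domains are
! split-DNS domains, so sip.example1.com is resolved through the tunnel.
group-policy VPN-USERS-GP attributes
 split-dns value example1.com example2.net
!
! Approach 1 (first reply): drop the generic example1.com entry and list
! the individual internal names instead, leaving sip.example1.com out.
! mail/intranet/files are stand-ins for the real host list.
group-policy VPN-USERS-GP attributes
 split-dns value mail.example1.com intranet.example1.com files.example1.com example2.net
!
! Approach 2 (follow-up): keep split tunneling as it is and deny the VPN
! pool access to the internal address of the host. vpn-filter is assumed
! here as the enforcement point; in a vpn-filter ACL the remote (client)
! address is the source.
access-list VPN-USERS-FILTER extended deny ip 10.99.0.0 255.255.255.0 host 10.1.1.50
access-list VPN-USERS-FILTER extended permit ip 10.99.0.0 255.255.255.0 any
group-policy VPN-USERS-GP attributes
 vpn-filter value VPN-USERS-FILTER
!
! The deny only closes the tunnel path. The client still has to resolve
! sip.example1.com to its public address to reach it over the internet.
```

Group-policy changes apply to new sessions, so reconnect a test client before checking the result; `show running-config group-policy VPN-USERS-GP` shows the values in effect.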