12-04-2012 07:19 AM
Hi,
Please, I have a question about VPN split tunnel for internal hosts that we need to be accessed via the internet.
My split tunnel works OK, but at the moment we want to exclude some of the tunneled domain hosts from being accessed via the tunnel; instead, the VPN users will connect to them via the internet.
For example, my split-tunnelled DNS domains are example1.com and example2.net, but I have a host sip.example1.com that is accessible via the tunnel (resolves internally) but also has a public address which resolves externally. We want the VPN user to only be able to connect to sip.example1.com via the internet instead of using the tunnel.
So I would like to split-tunnel by hostname or exclude some domain hosts from the split-tunnelled traffic.
Any suggestions or help will be appreciated.
Thanks
01-02-2013 09:07 AM
Hi Joshking1,
How many other addresses are in use for the example1.com domain?
If there are not many, you can specify all of them except sip.example1.com as the split-dns value (without including the generic example1.com domain).
I think that's the only way.
Regards
Mariusz
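A simplified model of the split-dns suggestion above, added here as an example and not part of the thread or any vendor's client code. It assumes a split-dns entry matches the name itself and its subdomains, and all addresses and the hosts mail/wiki are constructed; it compares the generic domain list with an enumerated list that leaves out sip.example1.com.

```python
import ipaddress

# Constructed sample data: domain names follow the thread, every address is made up.
INTERNAL_DNS = {"sip.example1.com": "10.1.1.20", "mail.example1.com": "10.1.1.10",
                "wiki.example1.com": "10.1.1.30"}
PUBLIC_DNS = {"sip.example1.com": "203.0.113.20"}
SPLIT_TUNNEL_NETS = [ipaddress.ip_network("10.1.1.0/24")]


def uses_tunnel_dns(name, split_dns):
    """Assumed rule: a query goes to the tunnel DNS server when the name
    equals a split-dns entry or is a subdomain of one."""
    name = name.lower().rstrip(".")
    entries = (e.lower().rstrip(".") for e in split_dns)
    return any(name == d or name.endswith("." + d) for d in entries)


def plan(name, split_dns):
    """Return (resolver, address, path) for one hostname."""
    if uses_tunnel_dns(name, split_dns):
        resolver, addr = "tunnel", INTERNAL_DNS.get(name)
    else:
        resolver, addr = "public", PUBLIC_DNS.get(name)
    if addr is None:
        return resolver, None, "unresolved"
    ip = ipaddress.ip_address(addr)
    # Only destinations inside the split-tunnel networks are routed into the VPN.
    path = "tunnel" if any(ip in n for n in SPLIT_TUNNEL_NETS) else "internet"
    return resolver, addr, path


def enumerated_split_dns(internal_names, excluded):
    """List each internal host individually, leaving out the excluded ones."""
    return sorted(n for n in internal_names if n not in excluded)


if __name__ == "__main__":
    generic = ["example1.com", "example2.net"]
    explicit = enumerated_split_dns(INTERNAL_DNS, {"sip.example1.com"}) + ["example2.net"]
    for label, cfg in (("generic", generic), ("enumerated", explicit)):
        for host in ("sip.example1.com", "mail.example1.com"):
            print(label, host, plan(host, cfg))
```

Every internal host added later must also be added to the enumerated list, otherwise its name is sent to the public resolver and fails to resolve.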
01-02-2013 09:26 AM
Thanks Mariusz,
I have implemented a solution which seems to be working OK, although I have not put it in my production network.
I have combined the split tunnel with an internal ACL rule which prevents the remote VPN pool address from contacting the internal host address for sip.example1.com, so the client is currently accessing it via the internet only.
Hopefully, this should work OK for the other internal hosts I want the VPN client to connect to via the internet when I implement it in my production network!
Thanks
01-03-2013 01:05 AM
Nice one
Thanks for the update.
Regards
Mariusz