Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
786
Views
10
Helpful
4
Replies

Specific sites through tunnel

Go to solution
kostasthedelegate
Level 4
Level 4

‎07-13-2021 06:09 AM

Hello, 

 

I have an HA pair of 2120 and I have configured RA VPN.

There is split tunnel so the users use their local internet. 

 

I would like to ask if there is a configuration where I have the split tunnel in place and I only allow a couple of sites to go through the internet form the company. 

 

Thanks and regards, 

Konstantinos

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP

‎07-13-2021 06:20 AM

@kostasthedelegate 

I assume you are running FTD image?

 

You can use split tunnel and use "dynamic-split-include-domains" attribute to define domains to include in the VPN tunnel.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/config_examples/advanced-anyconnect-ftd-fmc/advanced-anyconnect-vpn-ftd-fmc.html#Cisco_Concept.dita_213e916f-a1d4-468d-953d-e50f80980d52

 

View solution in original post

4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎07-13-2021 06:12 AM

Personally if you looking local breakout, split tunnel, Only allow Corporate IP address via VPN, rest go directly to internet to save HQ Internet Bandwidth, again business requirement. (how you like to control user)

 

full Cone tunnel vs split tunnel.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
kostasthedelegate
Level 4
Level 4

‎07-13-2021 06:15 AM

What I want is for a public IP to go through the tunnel and be routed to the internet through the company's public IP

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to kostasthedelegate

‎07-13-2021 06:17 AM

yes you create ACL and what to allow via VPN or go direct internet.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Rob Ingram
VIP
VIP

‎07-13-2021 06:20 AM

@kostasthedelegate 

I assume you are running FTD image?

 

You can use split tunnel and use "dynamic-split-include-domains" attribute to define domains to include in the VPN tunnel.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/config_examples/advanced-anyconnect-ftd-fmc/advanced-anyconnect-vpn-ftd-fmc.html#Cisco_Concept.dita_213e916f-a1d4-468d-953d-e50f80980d52

 

Customers Also Viewed These Support Documents