
tunnelspecified Vs excludespecified

What is the difference between the "tunnelspecified" and "excludespecified" split-tunnel policies? I have read the Cisco documentation but it is still not clear. Here is my interpretation from the documentation:

tunnelspecified: With this option, traffic matching the ACL will be encrypted and the rest of the traffic will be in clear text.

excludespecified: With this option, traffic matching the ACL will be sent as clear text while the rest of the traffic will be encrypted/tunneled.

Question 1: Cisco suggests using the excludespecified option if I want to use my local subnet/printer while connected to the VPN.

But with the tunnelspecified option, if my local subnet is not part of an ACL, then traffic to my local LAN will be in clear text, and that means I should be able to use my local printer/local subnet?

Please help me understand this difference.

Thanks in advance!!


Jennifer Halim
Cisco Employee

Yes, you are absolutely spot on with the difference between tunnelspecified and excludespecified.

I would normally see how many ACLs I need to configure and, depending on which is the smallest number, I would choose either of the options.

In regards to your question, I would just use tunnelspecified, as only traffic destined to the ACL will be encrypted and sent across the tunnel, the rest will split and use the local connection.
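The difference discussed in this thread, modeled as an added example (not part of the original posts and not Cisco code): a function that decides, per destination, whether a client sends traffic through the tunnel under each policy. The ACL contents, subnets and addresses are constructed sample values, and the function and variable names are hypothetical.

```python
import ipaddress

def is_tunneled(policy, acl, destination):
    """Return True if traffic to `destination` is sent through the VPN tunnel.

    policy: "tunnelspecified" or "excludespecified"
    acl:    list of networks in CIDR form (the split-tunnel network list)
    """
    dest = ipaddress.ip_address(destination)
    matched = any(dest in ipaddress.ip_network(net) for net in acl)
    if policy == "tunnelspecified":
        # Only ACL matches are encrypted; everything else uses the local connection.
        return matched
    if policy == "excludespecified":
        # ACL matches are sent in the clear; everything else is encrypted.
        return not matched
    raise ValueError(f"unknown split-tunnel policy: {policy}")

# Constructed sample values (assumptions, not from the thread).
CORPORATE_ACL = ["10.0.0.0/8"]       # ACL used with tunnelspecified
LOCAL_LAN_ACL = ["192.168.1.0/24"]   # ACL used with excludespecified
DESTINATIONS = {
    "corporate server": "10.1.2.3",
    "local printer": "192.168.1.50",
    "internet host": "203.0.113.10",
}

def compare_policies():
    """Map each sample destination to its tunnel decision under both policies."""
    return {
        name: {
            "tunnelspecified": is_tunneled("tunnelspecified", CORPORATE_ACL, addr),
            "excludespecified": is_tunneled("excludespecified", LOCAL_LAN_ACL, addr),
        }
        for name, addr in DESTINATIONS.items()
    }

if __name__ == "__main__":
    for name, decision in compare_policies().items():
        print(f"{name:17} {decision}")
```

With these sample ACLs the local printer is reached in clear text under both policies; the two differ only for destinations that appear in neither ACL, such as the internet host, which bypasses the tunnel under tunnelspecified and is tunneled under excludespecified.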