AnyConnect VPN – Split Tunneling

By default, all traffic originating from the Cisco AnyConnect client is forwarded to the Cisco ASA. This is secure because the client's connection to the Internet is protected by the Cisco ASA firewall. However, this approach consumes corporate bandwidth whenever the client browses the Internet.

You can configure the Split Tunneling feature on the Cisco ASA. In this case the client uses the VPN tunnel only for connections to corporate internal IP addresses; all remaining traffic (to/from the Internet) is not tunneled to the Cisco ASA.

To configure Split Tunneling, edit the Group Policy linked to the client VPN Connection Profile.

Edit Policy

Configure the policy as shown in the following picture. Remote-Access-SplitTunnel is a standard access list that defines the destination IP addresses the client will tunnel to the Cisco ASA. All remaining traffic will not be tunneled.

Configure Split tunneling

The following picture shows the defined ACL:

anyconnect-splittunnel-3
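
The settings described above can also be read from the ASA running configuration. The following is an added example, not part of the original post: it embeds a constructed CLI equivalent of the ASDM settings and works out which destinations the client would send through the tunnel. Only the ACL name Remote-Access-SplitTunnel comes from the page; the group-policy name, the subnets and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: CLI form of the ASDM settings described above. Only the ACL
# name comes from the page; the group-policy name and subnets are assumptions.
SAMPLE_CONFIG = """\
access-list Remote-Access-SplitTunnel standard permit 10.10.0.0 255.255.0.0
access-list Remote-Access-SplitTunnel standard permit 192.168.50.0 255.255.255.0
group-policy GroupPolicy_AnyConnect attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Remote-Access-SplitTunnel
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
ACE_RE = re.compile(rf"^access-list (\S+) standard permit {IPV4} {IPV4}$")

def permitted_networks(config, acl_name):
    """Networks permitted by a standard ACL (deny/host/any entries are not modelled)."""
    nets = []
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m and m.group(1) == acl_name:
            nets.append(ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False))
    return nets

def split_tunnel_settings(config, group_policy):
    """Return (policy, acl_name); with no explicit setting all traffic is tunneled."""
    policy, acl_name, inside = "tunnelall", None, False
    for line in config.splitlines():
        if not line.startswith(" "):  # a top-level command opens or closes the section
            inside = line.strip() == f"group-policy {group_policy} attributes"
        elif inside:
            words = line.split()
            if words[:1] == ["split-tunnel-policy"]:
                policy = words[1]
            elif words[:2] == ["split-tunnel-network-list", "value"]:
                acl_name = words[2]
    return policy, acl_name

def is_tunneled(config, group_policy, destination):
    """True if the client sends traffic for `destination` through the VPN tunnel."""
    policy, acl_name = split_tunnel_settings(config, group_policy)
    if policy == "tunnelall":
        return True
    if policy != "tunnelspecified":
        raise ValueError(f"policy {policy!r} is not modelled here")
    addr = ipaddress.ip_address(destination)
    return any(addr in net for net in permitted_networks(config, acl_name))
```

Any destination for which `is_tunneled` returns False leaves the client directly and is not inspected by the Cisco ASA firewall, so the access list should cover every internal network the client needs.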

 
