AnyConnect VPN – Split Tunneling
September 24, 2016
By default, all traffic originating from the Cisco AnyConnect client is forwarded to the Cisco ASA. This is secure because the client's connection to the Internet is protected by the Cisco ASA firewall. However, this approach consumes corporate bandwidth when the client browses the Internet.
You can configure the Split Tunneling feature on the Cisco ASA. In this case the client uses the VPN tunnel only for connections to corporate internal IP addresses; all remaining traffic (to/from the Internet) is not tunneled to the Cisco ASA.
To configure Split Tunneling, edit the GroupPolicy linked to the client VPN Connection Profile.
Configure the policy according to the following picture. Remote-Access-SplitTunnel is a standard access list that defines the pool of destination IP addresses the client will tunnel to the Cisco ASA. All remaining traffic will not be tunneled.
The following picture shows the defined ACL.
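
The same settings expressed as ASA CLI configuration, as an added example that is not from the original post. The group policy name GroupPolicy_RA, the connection profile name RA-Profile and the networks in the ACL are assumptions; only the ACL name Remote-Access-SplitTunnel comes from the text.

```cisco
! Standard ACL: the destinations listed here are sent through the VPN tunnel.
! The networks below are constructed sample values; list only the internal
! ranges remote users actually need.
access-list Remote-Access-SplitTunnel standard permit 10.0.0.0 255.0.0.0
access-list Remote-Access-SplitTunnel standard permit 192.168.10.0 255.255.255.0
!
! Group policy (hypothetical name). The default policy is "tunnelall", which
! forwards every client packet to the ASA; "tunnelspecified" tunnels only the
! networks permitted by the ACL referenced in split-tunnel-network-list.
group-policy GroupPolicy_RA internal
group-policy GroupPolicy_RA attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Remote-Access-SplitTunnel
!
! Link the group policy to the client VPN connection profile (hypothetical name).
tunnel-group RA-Profile type remote-access
tunnel-group RA-Profile general-attributes
 default-group-policy GroupPolicy_RA
!
! Check the result from privileged EXEC mode:
!   show running-config group-policy GroupPolicy_RA
!   show running-config access-list Remote-Access-SplitTunnel
```

With `tunnelspecified`, Internet-bound traffic leaves the client directly and is no longer inspected by the ASA, so keep the ACL limited to internal networks and rely on endpoint controls for the rest.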