Cisco Support Community

How does split tunnelling in VPNs work?

How does split tunnelling in VPNs work?



I am not sure what kind of information you are specifically looking for.

Split Tunnel VPN essentially works so that you specify the networks for which traffic is forwarded through the VPN connection. All other traffic will ignore your current VPN Client connection and go out through the local network connections.

On the VPN device, the Split Tunnel VPN is configured by configuring an ACL/access-list that tells the VPN device the networks towards which traffic should be forwarded through the VPN connection. The Split Tunnel ACL is attached to the "group-policy" that the user's "tunnel-group" uses.

- Jouni
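
The ACL, "group-policy" and "tunnel-group" relationship described in the answer above, as an added Cisco ASA configuration sketch that is not part of any post in this thread. The names SPLIT-TUNNEL-ACL, GP-REMOTE and TG-REMOTE and the 10.10.0.0/16 network are hypothetical placeholders.

```cisco
! Constructed example for a Cisco ASA remote-access VPN.
! SPLIT-TUNNEL-ACL, GP-REMOTE, TG-REMOTE and 10.10.0.0/16 are placeholders.

! 1. Standard ACL listing the networks whose traffic goes through the tunnel.
!    Keep this list as narrow as the remote users actually need.
access-list SPLIT-TUNNEL-ACL standard permit 10.10.0.0 255.255.0.0

! 2. Group-policy that selects split tunnelling and references the ACL.
group-policy GP-REMOTE internal
group-policy GP-REMOTE attributes
 ! tunnelspecified = split tunnel: only ACL-matched networks are tunnelled,
 ! everything else leaves through the client's local connection.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-ACL
 ! Full-tunnel alternative (all client traffic is sent through the VPN):
 ! split-tunnel-policy tunnelall

! 3. Tunnel-group the users connect to, pointing at the group-policy.
tunnel-group TG-REMOTE type remote-access
tunnel-group TG-REMOTE general-attributes
 default-group-policy GP-REMOTE

! Review what is applied with:
!   show running-config group-policy GP-REMOTE
```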


The most visible issue is where the client's default gateway goes. In a full tunnel, it moves to the far side of the tunnel. In the split tunnel, it stays local. The security risk of split tunneling is that the client is providing a bridging path for outside malicious traffic to leak across the tunnel, with no influence from the far end's firewall and IDS. The performance risk of full tunnels is that 3rd party outside traffic not terminating at the organization on the far side still has to take the tunnel, which can add latency, limit throughput, or increase packet loss. The best designs require balancing the network layout, uplink sizing, and security posture in concert.

-- Jim Leinweber, WI State Lab of Hygiene
