Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Split-tunnel

Hello.

I'm novice...

I don't understand the utility of Split-tunnel command.

Thanks for answer.

1 REPLY
Silver

Re: Split-tunnel

Normally remote access end user vpn connections force all traffic through the vpn tunnel - this is a good idea because once the end user is connected, and gets a vpn assigned ip address, they are then behind the corporate firewall, and protected.

Split tunnelling allows certain network traffic to not go through the tunnel - this often can offer more efficient internet access - rather than tunnel a satellite office's web surfing to the corporate headquarters, and then out to the internet, just let web surfing leave the satellite office's firewall and go straight to the net.

This can be a security weakness though - a split tunnel with an inadequate firewall could provide a backdoor into an otherwise secured corp. network - imagine if the remote office had a vpn conn to corp via their IOS router, and it did not have access-lists or CBAC installed - there could be ways for attackers to route thru the router and its IPSec tunnel into the corp network

127
Views
8
Helpful
1
Replies
CreatePlease to create content