Normally remote access end user vpn connections force all traffic through the vpn tunnel - this is a good idea because once the end user is connected, and gets a vpn assigned ip address, they are then behind the corporate firewall, and protected.
Split tunnelling allows certain network traffic to not go through the tunnel - this often can offer more efficient internet access - rather than tunnel a satellite office's web surfing to the corporate headquarters, and then out to the internet, just let web surfing leave the satellite office's firewall and go straight to the net.
This can be a security weakness though - a split tunnel with an inadequate firewall could provide a backdoor into an otherwise secured corp. network - imagine if the remote office had a vpn conn to corp via their IOS router, and it did not have access-lists or CBAC installed - there could be ways for attackers to route thru the router and its IPSec tunnel into the corp network
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...