Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to prevent the Cisco VPN Client from accessing certain networks behind the VPN Concentrator


In order to block Cisco VPN Client access to certain networks behind the VPN Concentrator, complete these steps:

  1. Create a group for the Cisco VPN Client. For help with this, refer to IPsec with VPN Client to VPN 3000 Concentrator Configuration Example.

  2. Choose Configuration > Policy Management > Traffic Management > Network List and click Add.

  3. Add the network that you wish for the VPN Client to access (for example, 20.x.x.x) and enter a unique name for this network list.

  4. Choose Configuration > User Management > Group and locate the group that you created in step 1.

  5. Go to the Client Config tab and choose Split Tunneling Policy.

  6. Click the Only tunnel networks in the list drop-down menu and select the split tunneling address list that you created in step 3.

  7. Save the configuration.

  8. Initiate the VPN Client connection and try to access any network other than what is defined in the network list. You should see that the VPN Client is now unable to access those networks.