Chapter 21 Cisco IOS SSL VPN
Additional Help Topics
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
for those policies, the router can contact that server, and receive the information
that Bob Smith is a member of the group Sales. The router can then display the
correct portal for the Sales group.
For information on how to configure the AAA server, see the “Configuring
RADIUS Attribute Support for SSL VPN” section in the SSL VPN Enhancements
document at the following link:
http://www.cisco.com/en/US/products/ps6441/products_feature_guide09186a00805eeaea.html#wp1396461
Learn More About Split Tunneling
When a Cisco IOS SSL VPN connection is set up with a remote client, all traffic
that the client sends and receives may travel through the Cisco IOS SSL VPN
tunnel, including traffic that is not on the corporate intranet. This can degrade
network performance. Split tunneling allows you to specify the traffic that you
want to send through the Cisco IOS SSL VPN tunnel and allow other traffic to
remain unprotected and be handled by other routers.
In the Split Tunneling area, you can specify the traffic to include in the Cisco IOS
SSL VPN and exclude all other traffic by default, or you can specify the traffic to
exclude from the Cisco IOS SSL VPN and include all other traffic by default.
For example, suppose that your organization uses the 10.11.55.0 and the
10.12.55.0 network addresses. Add these network addresses to the Destination
Network list, then click the Include traffic radio button. All other Internet traffic,
such as traffic to Google or Yahoo, would go directly to the Internet.
Or suppose it is more practical to exclude traffic to certain networks from the
Cisco IOS SSL VPN tunnel. In that case, enter the addresses for those networks
in the Destination Networks list, then click the Exclude traffic radio button. All
traffic destined for the networks in the Destination Networks list is sent over
nonsecure routes, and all other traffic is sent over the Cisco IOS SSL VPN tunnel.
If users have printers on local LANs that they want to use while connected to the
Cisco IOS SSL VPN, you must click Exclude local LAN in the Split Tunneling
area.
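The include and exclude modes described above can be checked against a planned Destination Networks list before it is applied. The following is an added example, not code from the guide or from Cisco: the /24 masks, the 192.168.1.0/24 client LAN, the sample addresses and the function names are assumptions, and the model treats the Exclude local LAN setting as taking precedence over the list.

```python
import ipaddress

# Constructed sample values. The /24 masks are an assumption; the page
# lists only the network addresses 10.11.55.0 and 10.12.55.0.
DESTINATION_NETWORKS = ["10.11.55.0/24", "10.12.55.0/24"]
CLIENT_LOCAL_LAN = "192.168.1.0/24"   # hypothetical LAN with a printer

def via_tunnel(dest, mode, networks=DESTINATION_NETWORKS,
               local_lan=None, exclude_local_lan=False):
    """Return True if traffic to dest is sent through the SSL VPN tunnel.

    mode is "include" (only listed networks are tunneled) or
    "exclude" (everything except listed networks is tunneled).
    """
    if mode not in ("include", "exclude"):
        raise ValueError("mode must be 'include' or 'exclude'")
    addr = ipaddress.ip_address(dest)
    # Assumption of this model: the local-LAN exclusion wins over the list.
    if exclude_local_lan and local_lan is not None:
        if addr in ipaddress.ip_network(local_lan):
            return False
    listed = any(addr in ipaddress.ip_network(n) for n in networks)
    return listed if mode == "include" else not listed

def unprotected(dests, mode, **kwargs):
    """List the destinations that bypass the tunnel under this policy."""
    return [d for d in dests if not via_tunnel(d, mode, **kwargs)]

if __name__ == "__main__":
    # Constructed destinations: two intranet hosts, one Internet host,
    # one printer on the client's local LAN.
    sample = ["10.11.55.20", "10.12.55.7", "203.0.113.10", "192.168.1.50"]
    for mode in ("include", "exclude"):
        print(mode, "-> bypasses tunnel:", unprotected(
            sample, mode, local_lan=CLIENT_LOCAL_LAN, exclude_local_lan=True))
```

Reviewing the output of `unprotected` for each mode shows which destinations leave the client outside the tunnel, which is the traffic the section describes as remaining unprotected.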