VPN
Configuring SSL VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide
Address: If you choose Bypass-Local or Auto, enter the IP address or
domain name of the MSIE proxy server.
Port: Enter the port number of the MSIE proxy server.
IE Proxy Exception: Specify the hosts that are exempt from the IE proxy
settings. The browser does not send traffic for these hostnames or IP
addresses through the proxy. To add an entry, enter the IP
address or domain name of an exception host and click Add. To delete an
entry, select it and click Delete.
STEP 5 In the Split Tunneling Settings area, enter the following information:
Split tunneling permits specific traffic to be carried outside of the SSL VPN tunnel.
Traffic is either included (resolved in tunnel) or excluded (resolved through the ISP
or WAN connection). Tunnel resolution configuration is mutually exclusive. An IP
address cannot be both included and excluded at the same time.
Enable Split Tunneling: By default, all traffic from the host is directed
through the VPN tunnel. Check this box to enable the split tunneling feature
so that the VPN tunnel is used only for traffic that is specified by the client
routes.
Split Selection: Choose one of the following options:
-Include Traffic: Allows you to add the client routes on the SSL VPN client
so that only traffic to the destination networks can be redirected through
the VPN tunnel. To add a client route, enter the destination subnet to
which a route is added on the SSL VPN client in the Address field and the
subnet mask for the destination network in the Netmask field, and then
click Add.
-Exclude Traffic: Allows you to exclude the destination networks on the
SSL VPN client. Traffic to the destination networks is redirected using the
SSL VPN client’s native network interface (resolved through the ISP or
WAN connection). To add a destination subnet, enter the destination
subnet to which a route is excluded on the SSL VPN client in the Address
field and the subnet mask for the excluded destination in the Netmask
field, and then click Add.
NOTE: To exclude the destination networks, make sure that the Exclude
Local LAN feature is enabled on the Cisco AnyConnect Secure Mobility
clients.
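The path a destination takes under the Split Tunneling settings above, modelled as an added Python example (not code from the Cisco guide or the appliance), which can be used to review which destinations leave through the ISP or WAN connection instead of the tunnel. The function names, the strict validation of Address/Netmask pairs, and the sample networks are assumptions made for illustration.

```python
import ipaddress

def parse_route(address, netmask):
    """Turn an Address/Netmask pair into a network; reject malformed entries."""
    # strict=True raises ValueError if host bits are set; a non-contiguous
    # mask also raises ValueError. (Assumed validation, not the appliance's.)
    return ipaddress.IPv4Network(f"{address}/{netmask}", strict=True)

def path_for(dest, enabled, mode, routes):
    """Return 'tunnel' or 'native' for one destination IP.

    enabled: state of the Enable Split Tunneling check box
    mode:    'include' or 'exclude' (Split Selection, one or the other)
    routes:  list of (address, netmask) pairs as entered in the GUI
    """
    if not enabled:
        return "tunnel"  # default: all traffic from the host uses the VPN tunnel
    if mode not in ("include", "exclude"):
        raise ValueError("Split Selection must be 'include' or 'exclude'")
    ip = ipaddress.IPv4Address(dest)
    listed = any(ip in parse_route(a, m) for a, m in routes)
    if mode == "include":
        return "tunnel" if listed else "native"   # only listed networks are tunneled
    return "native" if listed else "tunnel"       # listed networks bypass the tunnel

def audit(destinations, enabled, mode, routes):
    """List the destinations that would be resolved through the ISP/WAN link."""
    return [d for d in destinations
            if path_for(d, enabled, mode, routes) == "native"]

# Constructed sample data, not taken from the guide.
ROUTES = [("10.10.0.0", "255.255.0.0"), ("192.168.75.0", "255.255.255.0")]
DESTS = ["10.10.4.20", "192.168.75.9", "172.16.1.5", "203.0.113.80"]

if __name__ == "__main__":
    for mode in ("include", "exclude"):
        print(mode, "-> outside the tunnel:", audit(DESTS, True, mode, ROUTES))
```

With the same route list, switching Split Selection from Include Traffic to Exclude Traffic inverts which destinations are visible only to the client's local network path, so the list should be re-reviewed whenever the mode changes.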