VPN
Configuring SSL VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide
- Exclude Local LAN: If you choose Exclude Traffic, check the box to
permit remote users to access their local LANs without passing through
the VPN tunnel, or uncheck the box to deny remote users access to their
local LANs without passing through the VPN tunnel.
NOTE: To exclude local LANs, make sure that the Exclude Local LAN
feature is enabled on both the SSL VPN server and the AnyConnect
clients.
Split DNS: Split DNS can direct DNS packets in clear text over the Internet
to domains served through an external DNS (serving your ISP) or through the
VPN tunnel to domains served by the corporate DNS.
For example, a query for a packet destined for corporate.com would go
through the VPN tunnel to the DNS that serves the private network, while a
query for a packet destined for myfavoritesearch.com would be handled by
the ISP's DNS. To use Split DNS, you must also have split tunneling
configured.
To add a domain for tunneling packets to destinations in the private network,
enter the IP address or domain name in the field and click Add. To delete a
domain, select it and click Delete.
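The Split DNS decision described above, as an added example that is not part of the Cisco guide or the appliance's own code. It assumes a listed domain also covers its subdomains and is matched on whole labels; the guide does not state the appliance's exact matching rules, and every name other than corporate.com and myfavoritesearch.com is constructed.

```python
# Added example: models which resolver a DNS query reaches under Split DNS.
# Assumption: a listed domain also covers its subdomains, matched on label
# boundaries. The appliance's exact matching rules are not given in the guide.

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def resolver_for(query, split_domains):
    """Return 'tunnel' if the query falls under a split DNS domain, else 'isp'."""
    q = normalize(query).split(".")
    for domain in split_domains:
        d = normalize(domain).split(".")
        # Compare whole labels so notcorporate.com does not match corporate.com.
        if d != [""] and len(q) >= len(d) and q[-len(d):] == d:
            return "tunnel"
    return "isp"

def audit(queries, split_domains):
    """Group queries by the resolver that would receive them."""
    result = {"tunnel": [], "isp": []}
    for q in queries:
        result[resolver_for(q, split_domains)].append(q)
    return result

# Constructed sample data. corporate.com and myfavoritesearch.com are the
# guide's example names; the others are made up for illustration.
SPLIT_DOMAINS = ["corporate.com"]
SAMPLE_QUERIES = [
    "corporate.com",
    "intranet.corporate.com.",
    "WIKI.Corporate.COM",
    "notcorporate.com",
    "corporate.com.example.net",
    "myfavoritesearch.com",
]

if __name__ == "__main__":
    for path, names in audit(SAMPLE_QUERIES, SPLIT_DOMAINS).items():
        print(path, names)
```

Any internal name that lands in the isp group is resolved in clear text outside the tunnel, so the Split DNS list should cover every internal zone.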
STEP 6 In the Zone-based Firewall Settings area, you can control access from the SSL
VPN clients to the zones over the VPN tunnels. Click Permit to permit access, or
click Deny to deny access.
NOTE: The VPN firewall rules that are automatically generated by the zone-based
firewall settings are added to the list of firewall rules with a priority higher
than the default firewall rules, but lower than the custom firewall rules.
STEP 7 Click OK to save your settings.
STEP 8 Click Save to apply your settings.