Chapter 4 Remote Access VPN Services

Creating Remote Access VPN Policies

Table 4-4 Split Tunneling Fields

Field Name: Split Tunneling Policy
Type: drop-down list
Instructions: Select one of the following methods for split tunneling:

  Everything – This option sends all traffic, both VPN-bound traffic and Internet-bound traffic, through the VPN tunnel to the CPE device. If you select Everything, there are no further values to enter, as shown in Figure 4-14.

  In List – This option sends only traffic matching the listed networks through the VPN tunnel to the CPE device. The non-matching traffic is sent to the CPE device unencrypted. If you select this option, you must click Create or Generate and create the list of network addresses from which traffic travels through the IPsec tunnel. All other traffic is sent to the client LAN.

  Not In List – Supported for the VPN 3000 only. This option sends all traffic to addresses in the selected list to the client LAN and sends all other traffic through the VPN tunnel. If you select this option, you must click Create or Generate and create the list of network addresses.

Field Name: Split Tunneling Name
Type: text box
Instructions: (Optional) If you want to use a name other than the Cisco IOS or PIX Firewall autogenerated name for the list of network addresses for which split tunneling is enabled, enter the name here.

Field Name: Generate
Type: Generate button
Instructions: Click Generate if you want to automatically create the list of private subnets from an existing site-to-site IPsec VPN. Since a VPN may be represented by one or more service requests, after clicking Generate, select all the service requests from which the list of private subnets is to be extracted. When you click Generate, the Service Request for Split Tunnel List dialog box appears, as shown in Figure 4-12.

Figure 4-12 The Service Request for Split Tunnel List Page

Field Name: Create
Type: Create button
Instructions: Click Create and the Subnet Address for Split Tunneling dialog box appears, as shown in Figure 4-13. Enter a subnet address for Split Tunneling and click OK.

Figure 4-13 Subnet For Split Tunneling Dialog Box
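The following is an added example, not part of the Cisco guide or of ISC itself: a small Python model of the three Split Tunneling Policy values in Table 4-4, useful for checking which destinations would leave a client outside the tunnel before a list is deployed. The function names, the "tunnel"/"bypass" labels, the sample addresses, and the treatment of Generate as a union of the subnets from the selected service requests are all assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Policy(Enum):              # the three Split Tunneling Policy values
    EVERYTHING = "Everything"
    IN_LIST = "In List"
    NOT_IN_LIST = "Not In List"

def merge_subnets(per_request_subnets):
    """Union subnets taken from several service requests (assumed model of
    Generate) and collapse adjacent or overlapping entries."""
    nets = [ipaddress.ip_network(s) for group in per_request_subnets for s in group]
    return list(ipaddress.collapse_addresses(nets))

def route(policy, split_list, destination):
    """Return 'tunnel' or 'bypass' for one destination under the given policy."""
    addr = ipaddress.ip_address(destination)
    listed = any(addr in net for net in split_list)
    if policy is Policy.EVERYTHING:
        return "tunnel"                        # the list is ignored
    if policy is Policy.IN_LIST:
        return "tunnel" if listed else "bypass"
    if policy is Policy.NOT_IN_LIST:
        return "bypass" if listed else "tunnel"
    raise ValueError(f"unknown policy: {policy!r}")

def bypassing(policy, split_list, destinations):
    """Destinations whose traffic would leave the client outside the tunnel."""
    return [d for d in destinations if route(policy, split_list, d) == "bypass"]

# Constructed sample data (not from the guide).
SERVICE_REQUESTS = [["10.1.0.0/24", "10.1.1.0/24"], ["10.2.0.0/16"]]
CORPORATE = merge_subnets(SERVICE_REQUESTS)
CLIENT_LAN = [ipaddress.ip_network("192.168.1.0/24")]
DESTINATIONS = ["10.1.1.20", "10.2.200.5", "192.168.1.10", "203.0.113.7"]

if __name__ == "__main__":
    print("merged list:", [str(n) for n in CORPORATE])
    for policy, nets in [(Policy.EVERYTHING, []), (Policy.IN_LIST, CORPORATE),
                         (Policy.NOT_IN_LIST, CLIENT_LAN)]:
        print(f"{policy.value:12} outside tunnel: {bypassing(policy, nets, DESTINATIONS)}")
```

With In List, every destination missing from the list bypasses the tunnel, so an incomplete list exposes traffic; with Not In List, the exposure is limited to the addresses that were listed deliberately.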

 

 

 

 

 

 

 

 

 

 

Cisco IP Solution Center Integrated VPN Management Suite Security User Guide, 3.2
OL-5532-02