Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Specifying Local Networks

    You can specify local, reachable networks through the IPsec tunnel. This type of “ split tunneling” enables a remote station to separate VPN traffic from Internet traffic. For example a client connecting to a corporate Intranet could use split-tunneling to send all traffic destined to 10.0.0.0/8 through the secure tunnel and reach the VPN. Other traffic (for example, Web browsing) would travel directly to the Internet through the local service provider without passing through the tunnel.

    Note: Split tunneling functions only when supported by the client software. It is up to the client to modify its routing table with the network information for split tunneling to occur. You can configure up to 16 networks for this method of “split-tunneling.”

    To specify networks that are reachable through the IPsec tunnel:

    • From IPsec Tunnel Profile Configuration mode, specify the network.
      host1(config-ipsec-tunnel-profile)#local ip network 10.0.0.0 255.255.255.252

      Use the no version to remove the specified network from the reachable list.

    Published: 2014-08-12