Defining Network Connect Split Tunneling Policies (NSM Procedure)

Network Connect (NC) split tunneling policies specify one or more network IP address/netmask combinations for which the device handles traffic passed between the remote client and the corporate intranet. You can also specify traffic that should not pass through the NC tunnel.

When split-tunneling is used, NC modifies routes on clients so that traffic meant for the corporate intranet networks goes to NC and all other traffic goes through the local physical adapter. The IVE tries to resolve all DNS requests through the physical adapter first and then routes those that fail to the NC adapter.

For example,

To write an NC split-tunneling networks resource policy:

  1. In the navigation tree, select Device Manager > Devices. Click the Device Tree tab, and then double-click the Secure Access device for which you want to write an NC split-tunneling networks resource policy.
  2. Click the Configuration tab. Select Users > Resource Policies > Network Connect > Split-tunneling Networks.
  3. Click New Profile, and then enter the name and the description for the policy.
  4. Add or modify more settings as specified in Table 39.
  5. Click one:
    • OK—Saves the changes.
    • Cancel—Cancels the modifications.

Table 39: Configuring Network Connect Split Tunneling Policy Details

Options | Your Action

Resources

Enter the new resource name for the split tunnel resource policy.

Applies to Roles

Select one of the following options from the drop-down list:

  • ALL—To apply this policy to all users.
  • Selected—To apply this policy only to users who are mapped to roles in the Selected roles list. Upon selecting this option, the Role Selections tab is enabled.
  • Except those selected—To apply this policy to all users except for those who map to the roles in the Selected roles list.

Action

Select one of the following options from the drop-down list:

  • Allow—This option allows the Network IP address/netmask combinations specified in the Resources field to pass through the NC tunnel.
  • Detailed Rules—This option defines resource policy rules that put additional restrictions on the specified resources. Upon selecting this option, the Detailed Rules tab is enabled.
  • Deny—This option prevents the network IP address/netmask combinations specified in the Resources field from passing through the NC tunnel.

Roles Selection tab

Roles Selections

Select the members from the Members list. You can add members to or remove members from the Non-members list by selecting Add, Remove, Add All, or Remove All.

Detailed Rules tab

Name

Enter the name for the rule.

Action

Select Allow or Deny from the drop-down list.

Enter the new resource name for the rule.

Note: On the Network Connect Split Tunneling Policies page, prioritize the policies according to how you want the device to evaluate them. Once the device matches the resource requested by the user to a resource that belongs to a Resource list of a policy (or a detailed rule’s), it performs the specified action and stops processing policies.
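
The first-match ordering described in the note above can be checked offline before policies are pushed. The following Python model is an added example, not part of the original documentation and not the device's own logic; the Policy class, the function names and the sample policies are hypothetical. It assumes a top-to-bottom list order, does not model Detailed Rules, and returns None when nothing matches because this page does not state that outcome.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    resources: list            # IP address/netmask strings, as in the Resources field
    action: str                # "Allow" or "Deny"
    applies_to: str = "ALL"    # "ALL", "Selected" or "Except those selected"
    roles: set = field(default_factory=set)

    def networks(self):
        return [ipaddress.ip_network(r, strict=False) for r in self.resources]

    def applies(self, user_roles):
        hit = bool(self.roles & set(user_roles))
        return {"ALL": True, "Selected": hit, "Except those selected": not hit}[self.applies_to]

def evaluate(policies, dest_ip, user_roles):
    """Return (policy name, action) of the first matching policy, else None."""
    ip = ipaddress.ip_address(dest_ip)
    for p in policies:  # list order stands for the priority order on the policies page
        if p.applies(user_roles) and any(ip in n for n in p.networks()):
            return p.name, p.action  # processing stops at the first match
    return None  # assumption: the no-match outcome is not specified on this page

def shadowed(policies):
    """Names of policies fully covered by an earlier ALL-roles policy (never reached)."""
    out = []
    for i, p in enumerate(policies):
        earlier = [n for q in policies[:i] if q.applies_to == "ALL" for n in q.networks()]
        if all(any(n.subnet_of(e) for e in earlier if e.version == n.version) for n in p.networks()):
            out.append(p.name)
    return out

# Constructed sample policy list (names, roles and networks are made up)
POLICIES = [
    Policy("corp-all", ["10.0.0.0/255.0.0.0"], "Allow"),
    Policy("lab-deny", ["10.1.2.0/255.255.255.0"], "Deny"),
    Policy("finance", ["172.16.5.0/24"], "Allow", "Selected", {"Finance"}),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, "10.1.2.7", ["Staff"]))  # broad Allow wins over the later Deny
    print(shadowed(POLICIES))                         # policies that ordering makes unreachable
```

Moving the narrower Deny above the broad Allow changes the result for 10.1.2.7 and clears the shadowing finding.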
