VPN Split Tunneling – Concept of Split tunneling



The truth is, VPN is a great piece of technology, and VPN is my favourite topic in networking. A VPN is an amazing tool that helps a user make a secure connection to a corporate network over the unsecured Internet. By default, any traffic sent through the VPN goes through the VPN server in encrypted form. Sometimes, however, certain traffic should not go through your VPN, and that is where split tunneling comes into the picture. Split tunneling does exactly what its name suggests: it splits your Internet traffic.

Split tunneling is a VPN (virtual private network) concept that allows a remote user to access different network domains, such as the Internet and a local LAN or WAN, at the same time while using the same Internet connection. With a split-tunneling VPN, you control whether Internet traffic is routed through the VPN or through your local network.

By default, a remote-access VPN client can route 100% of your traffic through the VPN server. The split-tunneling feature lets the user select specific traffic to be pushed through the encrypted VPN tunnel, while the remaining Internet traffic is routed via the local Internet breakout (local ISP) as it normally would be. This way you can isolate corporate and Internet traffic on the user's machine.

Split tunneling comes into play when a network administrator wants to allow remote VPN users to connect directly to Internet resources (browsing, Facebook, email) while using a corporate VPN, instead of routing that traffic through the VPN.

Split tunneling gives you control over which traffic in your network gets the VPN treatment and which doesn't. It refers to the practice of routing only some traffic over the VPN while letting the other traffic access the Internet directly via the local Internet breakout. Usually, what is routed over the VPN is traffic destined for internal resources, while web surfing, Facebook, Netflix, email, etc. go directly to the Internet. The VPN client is configured to route interesting traffic through the tunnel, while using the default gateway of the physical interface for everything else.

Split tunneling allows a remote VPN user to access a public network (the Internet) while accessing corporate resources (servers, applications) from home or other remote locations. With split tunneling, a VPN user can access a public network while simultaneously connected to a remote-access VPN such as Cisco AnyConnect or GlobalProtect. In other words, it provides a multi-service network access path.

Split tunneling can be categorized based on how it is configured. A split tunnel configured to tunnel only traffic destined for a specific set of destinations is called a split-include tunnel. When it is configured to tunnel all traffic except traffic destined for a specific set of destinations, it is called a split-exclude tunnel.

Split tunneling involves configuring an Access Control List (ACL) that is associated with this feature. Traffic for the subnets or hosts defined in this ACL is encrypted over the tunnel from the client end, and the routes for these subnets are installed in the PC's routing table.

Split tunneling is a VPN concept that allows an administrator to define the network traffic (subnets and hosts) that must be encrypted and routed via the tunnel to the VPN gateway.

Split-tunneling configuration involves configuring an Access Control List (ACL).

The desired VPN subnets defined in the ACL are encrypted over the tunnel from the end user, and the routes for these subnets are installed in the PC's routing table.
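
The split-include and split-exclude behaviour described above can be modelled as a per-destination routing decision on the client. This is an added example, not part of the original article or any vendor's VPN client; the ACL entries, destination addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ACLs (assumptions, not from the original page).
INCLUDE_ACL = ["10.20.0.0/16", "172.16.5.10/32"]    # corporate subnet + one host
EXCLUDE_ACL = ["192.168.1.0/24", "203.0.113.0/24"]  # home LAN + one public range

# Constructed sample destinations a remote client might contact.
FLOWS = ["10.20.5.14", "172.16.5.10", "172.16.5.11", "192.168.1.50", "203.0.113.10"]


def parse_acl(entries):
    """Turn ACL subnet/host strings into network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def route_for(dest, acl, mode):
    """Return 'tunnel' or 'local' for one destination IP.

    full          -> everything is tunneled (the default without split tunneling)
    split-include -> only destinations matching the ACL are tunneled
    split-exclude -> everything except destinations matching the ACL is tunneled
    """
    addr = ipaddress.ip_address(dest)
    matched = any(addr.version == n.version and addr in n for n in parse_acl(acl))
    if mode == "full":
        return "tunnel"
    if mode == "split-include":
        return "tunnel" if matched else "local"
    if mode == "split-exclude":
        return "local" if matched else "tunnel"
    raise ValueError(f"unknown mode: {mode}")


def bypassing_tunnel(flows, acl, mode):
    """List the destinations that leave via the local gateway, outside the VPN."""
    return [d for d in flows if route_for(d, acl, mode) == "local"]


if __name__ == "__main__":
    for mode, acl in (("full", []), ("split-include", INCLUDE_ACL),
                      ("split-exclude", EXCLUDE_ACL)):
        print(f"{mode:14} local breakout: {bypassing_tunnel(FLOWS, acl, mode)}")
```

Anything returned by `bypassing_tunnel` reaches its destination through the local ISP without VPN encryption, so that list is what to review when auditing a split-tunnel ACL. Note that the `/32` host entry covers only `172.16.5.10`; its neighbour `172.16.5.11` stays outside the tunnel in split-include mode.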


Author: Ronnie Singh
