Newbie to Split Tunneling

  • I have this software called Cisco Anyconnect, which connects to a remote computer or appliance…I think.  This doctor who comes into the office uses it, so I’m not familiar with it at all.  My issue is that when he connects to his remote device ALL LAN connections no longer work.  Somehow it creates a VPN connection in network adapters and blocks access to anything local for security purposes.  He needs to be able to use a software which connects to the server via LAN.  So basically he cannot use them both at the same time.  He has to so that he can access his studies and use the LAN software.

    Then I read about this Split Tunneling and how it would solve my problem.  But I have no idea what it is and how I would configure my router for split tunneling.  Unless of course there’s another solution.

    I really need a newbie guide on how this works and have to solve this problem.  Can anyone help me please?

  • Has nothing to do with your network or the computer, it’s dependent on the network he’s connecting to with AnyConnect. If you control that device, a Cisco forum would be better suited for that question.

  • Well that’s the thing, I don’t control that device.  And obviously not the doctor either.  All I got is that remote software installed on one office computer, by the doctor himself, and he just knows that he has to login with this program and then he can access his studies.  I thought that I could configure the pfSense device to use split tunneling, or some way to trick the program into thinking that it has successfully blocked off all local IPs when it really hasn’t.

    I guess my brain was thinking visual like if two people shared the same glass of drink with two straws, then person 1 (Mr. Cisco) could drink from his straw while person 2 (Miss LAN) could drink from her straw and both be independent of each other.  Similarly, if the computer had two network cards, which it does, then I could send or limit all the Cisco Anyconnect connections through one network card while the other network card could send and receive all local access stuff.  Too much imagination, or is this possible with pfSense?

  • …blocks access to anything local for security purposes

    You got it right there.  Almost certainly, the people who control the tunnel (both client software on PC and remote tunnel server) denied split tunnel deliberately and wouldn’t like you messing with that any more than you would like them messing with your pfSense.

  • It’s controlled by the AnyConnect client, there is nothing you can do. It changes the network stack on that host to enforce the policies pushed by the device it’s connecting to.


© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy