5

I have an Ubuntu server that needs to be able to connect via Cisco AnyConnect VPN to another server for one of our applications.

However, because we're using this server for multiple applications, we can't route all traffic through the VPN.

So, ideally the VPN would be set up so that only the traffic to IP addresses within the outside network would be tunneled, and the rest would travel normally from our network.

I know this would be possible for something like OpenVPN, but I have no idea how this could be done on something like AnyConnect. Does anyone know how I could go about doing this?

Mark Henderson
404 Not Found

1 Answer

0

This is called Split Tunneling. There are heaps of documentation on how to set this up for AnyConnect. I find that AnyConnect is much easier to configure from within ASDM, but a relevant part of the config might look like this:

access-list split-internet-headoffice standard permit 192.168.100.0 255.255.254.0
access-list split-internet-headoffice standard permit 192.168.161.0 255.255.255.0

group-policy GroupPolicy_Staff attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split-internet-headoffice

Mark Henderson
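To check which destinations a split-tunnel ACL like the one in the answer would send through the VPN, the entries can be parsed and tested offline. This is an added example, not part of the original answer; the function names, the `min_prefix` threshold and the sample destinations are assumptions made for illustration.

```python
import ipaddress
import re

# The two ACL entries from the answer above.
ASA_CONFIG = """\
access-list split-internet-headoffice standard permit 192.168.100.0 255.255.254.0
access-list split-internet-headoffice standard permit 192.168.161.0 255.255.255.0
"""

ACL_RE = re.compile(r"^access-list\s+(\S+)\s+standard\s+permit\s+(.+)$")


def parse_split_acl(config, acl_name):
    """Return the networks permitted by a standard ACL as ip_network objects."""
    nets = []
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m or m.group(1) != acl_name:
            continue
        target = m.group(2).split()
        if target[0] == "host" and len(target) == 2:
            nets.append(ipaddress.ip_network(target[1] + "/32"))
        elif len(target) == 2:
            # "address netmask" form; strict parsing raises ValueError when
            # the address has host bits set, which usually means a typo.
            nets.append(ipaddress.ip_network(f"{target[0]}/{target[1]}"))
        else:
            raise ValueError(f"unsupported ACL entry: {line!r}")
    return nets


def is_tunneled(dest, nets):
    """True if dest falls inside a network listed for the tunnel."""
    addr = ipaddress.ip_address(dest)
    return any(addr in n for n in nets)


def overly_broad(nets, min_prefix=8):
    """Entries this wide (e.g. 0.0.0.0 0.0.0.0) defeat the split."""
    return [n for n in nets if n.prefixlen < min_prefix]


if __name__ == "__main__":
    nets = parse_split_acl(ASA_CONFIG, "split-internet-headoffice")
    print("tunneled networks:", ", ".join(map(str, nets)))
    # Constructed sample destinations.
    for dest in ("192.168.101.7", "192.168.102.1", "192.168.161.20", "8.8.8.8"):
        print(dest, "-> VPN" if is_tunneled(dest, nets) else "-> local route")
    print("overly broad entries:", overly_broad(nets) or "none")
```

On the Ubuntu client, the same expectation can be compared against the routing table once the VPN is connected.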