Split-Tunnel vs. Local LAN Access Tidbit

In this tidbit I want to cover split-tunneling and local LAN access by providing an overview of each and how they differ. First off, split-tunneling and local LAN access are two separate things. Here is a quick breakdown of each:

  • Split-tunneling: lets you configure specifically which traffic is sent over the VPN tunnel, and which traffic is left unencrypted and sent over the internet via the local network gateway. There is some concern that this introduces security risks.

  • Local LAN access: a hybrid solution that tunnels all traffic over the VPN (encrypted), while local network access is allowed and unencrypted. Note, though, that the local network access is restricted to that subnet only. Essentially, once configured and allowed, "Allow local LAN access" automatically detects and permits local LAN connectivity, while tunneling and securing everything else.

A very high-level example of each from the ASA CLI would look like this:

Local LAN CLI config example:

group-policy LOCAL_LAN_GP attributes
 split-tunnel-policy excludespecified
 split-tunnel-network-list value <standard acl name>

Split-tunnel CLI config example:

group-policy SPLIT_TUNNEL_GP attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value <acl name>
 split-tunnel-all-dns disable
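
To make the difference concrete, the following is a simplified model of where a packet goes under each split-tunnel-policy value. It is an added example, not part of the original post and not Cisco code. It assumes IPv4 only and ignores DNS handling; the ACL contents and addresses are constructed, with a standard ACL entry of host 0.0.0.0 standing in for the client's local LAN.

```python
import ipaddress

# "permit host 0.0.0.0" in the exclude ACL is a placeholder: the client
# swaps in whatever subnet it is directly attached to (local LAN access).
LOCAL_LAN = ipaddress.ip_network("0.0.0.0/32")

def path_for(dest, policy, acl, client_subnet):
    """Return 'tunnel' (encrypted) or 'clear' (local gateway) for one destination.

    policy        -- 'tunnelall', 'tunnelspecified' or 'excludespecified'
    acl           -- networks in the split-tunnel-network-list, as CIDR strings
    client_subnet -- subnet the client is directly attached to
    """
    addr = ipaddress.ip_address(dest)
    local = ipaddress.ip_network(client_subnet)
    nets = [ipaddress.ip_network(n) for n in acl]
    nets = [local if n == LOCAL_LAN else n for n in nets]  # expand placeholder
    listed = any(addr in n for n in nets)
    if policy == "tunnelall":
        return "tunnel"                       # tunnel and encrypt everything
    if policy == "tunnelspecified":
        return "tunnel" if listed else "clear"
    if policy == "excludespecified":
        return "clear" if listed else "tunnel"
    raise ValueError(f"unknown policy: {policy}")

def audit(policy, acl, client_subnet, destinations):
    """Map each destination to its path so unencrypted flows are easy to spot."""
    return {d: path_for(d, policy, acl, client_subnet) for d in destinations}

# Constructed sample: a corporate host, a printer on the home LAN, an internet host.
SAMPLE = ["10.20.30.40", "192.168.1.50", "203.0.113.10"]
HOME = "192.168.1.0/24"
POLICIES = [
    ("SPLIT_TUNNEL_GP", "tunnelspecified", ["10.0.0.0/8"]),
    ("LOCAL_LAN_GP", "excludespecified", ["0.0.0.0/32"]),
    ("tunnel everything", "tunnelall", []),
]

if __name__ == "__main__":
    for name, policy, acl in POLICIES:
        print(name, audit(policy, acl, HOME, SAMPLE))
```

Under the split-tunnel policy the internet host leaves in the clear, while under local LAN access only the printer on the attached subnet does.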

A high-level example of each from the ASDM perspective:

ASDM Group Policy config to allow local LAN access:

ASDM Group Policy config to allow split-tunneling:

Overview of each from the AnyConnect GUI perspective:

AnyConnect perspective when allowing local LAN access:

AnyConnect perspective when allowing split-tunneling:

AnyConnect with no local LAN access or split-tunneling allowed (tunnel & encrypt everything over VPN):

See more VPN related topics via tags or tabs. Cheers!

