Thousands of professionals and students connect to Cisco AnyConnect VPN every day. Sometimes the network configured by your admin may slow you down or block local network access. Split-tunneling is an easy way to control your network traffic and improve connection speed whilst working via VPN.
There are two ways to configure a company VPN:
- Send all data over VPN: This may be called "Host to everywhere", "All traffic", "Full tunnel", "Global VPN"
- Only send data for the company network over VPN: This may be called "Host to network", "Split tunnel" or just "split VPN"
Many companies choose the first option to push all network traffic through the VPN by default. This is easiest to configure, but can mean that accessing regular internet sites can be slower, as the connection has to go through your VPN first.
Certain sites by also be blocked on the VPN gateway, or you may find yourself cut off from accessing printers, smart devices and other devices on your local network.
Sounds familiar? There's an easy workaround...
What is split tunneling?
Split-tunneling lets you determine which data should go via your VPN. This means all your work-related traffic will go securely through the VPN, allowing everything else to go over your regular internet connection or local network.
Set up split-tunneling for a Cisco VPN connection
Trying to connect to your office and home networks at the same time? Want to make sure not all your internet surfing is going via your company VPN?
There's an easy solution for Cisco AnyConnect VPN and you don't need to be a networking genius to set it up!
What you need:
- VPN Tracker (tip: try this out with the free 7 day trial)
- VPN gateway address for your Cisco connection (or a saved connection in TeamCloud)
- Network address for your office / university
Step one: Download VPN Tracker
VPN Tracker is the best VPN client for Mac and iOS - with support for Cisco AnyConnect SSL VPN as well as Cisco IPsec, plus 300+ more VPN gateways and protocols.
With the integrated Traffic Control feature, you can set up split tunneling for Cisco VPN and choose exactly how your traffic is routed.
Step two: Import your Cisco AnyConnect connection
To find your gateway address, open the Cisco AnyConnect Secure Mobility Client and copy the hostname or IP address for your connection:
Then, go to VPN Tracker, create a new Cisco AnyConnect SSL connection, and paste in the address:
When you start the connection, VPN Tracker will prompt you for your username and password. This will be the regular login you use for your Cisco VPN connection. Now you are connected!
Step three: Set up Traffic Control
Once you've successfully configured your connection, switch to the "Advanced" tab, where you can set up your custom VPN settings for Traffic Control.
For this step, you will need the remote network IP address.
What is the remote IP address?
The remote network IP specifies the network you are trying to reach over the VPN (i.e. your company's internal network.)
If you can't find out your remote IP address from your admin, follow these steps:
- Open a page on your company's internal network, e.g. the company intranet and copy the web address
- Open VPN Tracker for Mac and go to "Tools" > "Ping Host"
- Enter the address (e.g. intranet.greenhaven.net) and hit ping to reveal the IP address (e.g. 192.168.10.12)
Following this, simply replace the last digits with a "0" to get the remote network address > 192.168.10.0. (Note: this is a bit simplified, but will work for most common network setups out there).
In the Traffic Control dropdown menu, choose "Only send traffic for the following addresses over VPN" and enter the remote network address from the previous step:
Your Cisco AnyConnect VPN connection will now only be used when accessing addresses which are part of the network you specified. This means all other traffic (i.e. your normal internet traffic) will go through your internet connection as it does normally, bypassing your VPN.