MicroNugget: What is Split Tunneling with Virtual Private Networks?

  • Published: Jul 9, 2024
  • Start learning cybersecurity with CBT Nuggets. courses.cbt.gg/security
    In this video, Keith Barker covers split-tunneling with VPNs. Keith explains what split tunneling is, when and why you'd want to use it, how to set it up on an ASA, and how to verify that it's working properly - all in service to keeping a VPN running fast.
    VPN tunnels are great tools that are enjoying increasing popularity in many businesses and organizations that have users working remotely. That popularity stems from their many strengths: authentication is ensured because we only set up tunnels for trusted users, data integrity is maintained by the very nature of how traffic moves through a VPN tunnel, and confidentiality is a given as well because encryption is used at every step. But VPNs come at a cost of overhead - if an external user wants to access the internet on a VPN, gateways can quickly become bloated and slow. It's quick work to manually configure an ASA to set a split tunneling policy and then head to the command line to verify the VPN settings. Speed up your VPN tunnels with VPN split tunneling and smart routing.

Comments • 22

  • @Littleanimalsarecute 1 year ago

    Quick and informative. 🐿👍

  • @emmjay2525 3 years ago +2

    Exactly. It was clear and easy to understand

  • @pradeep7270 4 years ago +2

    Explained in a simple way, thank you

  • @arashtntdalila 4 years ago +3

    absolutely clear explanation

  • @KeithBarker 11 years ago

    That can be done at the user or group level. There is an option called a Dynamic Access Control List (DACL) that allows this granularity and can be based on user, group or even the security posture of the device that is connecting.
    Thanks for the question,
    Keith Barker

  • @neyvie 4 years ago +1

    Amazing video, so easy to understand.

  • @DaBBoSaH 9 years ago +2

    wow that was amazing, very clear... thanks a lot

  • @aquadir2830 3 years ago

    You're a fantastic faculty and master of all the masters...

  • @kool1311 4 years ago +1

    Very clear, thanks brother.

  • @mohitram7243 2 years ago

    you are the best!!

  • @zhajili1991 8 years ago

    Thanks!

  • @faizanmahmood3699 7 years ago +2

    Great video and very easy to understand. You are a great teacher, Keith.
    If we also want to NAT the full tunnel traffic so that the user can access both the intranet and the internet, how can we do that? Kindly tell the options,
    except the split tunneling.

  • @minhtruong6935 11 years ago

    good job.

  • 7 years ago

    Fantastic;

  • @1989SeanSmith 3 years ago

    Quick question. In the initial example, you said that you can still access normal websites when using a full tunnel (live video stream in your example) but the connection would just be a little slower due to encryption taking place. If this is the case, why wasn't Keith able to access Google when he connected to the VPN until he set up the split tunnelling?

  • @kristianjudealcala5858 2 years ago

    Can we implement layer 4 split tunneling?

  • @johnstem5538 5 years ago

    Hi Keith, what happens if you uncheck Inherit for Policy and choose Tunnel Network List Below, then you check Inherit for the Network List?
    I have that set up on my firewall and it inherits an ACL which is in the Network List if you uncheck Inherit and click Manage to select it.
    Why does it select that ACL if Inherit is checked? I can see it in the AnyConnect client where it shows the secured routes, and I have internet connection, so split tunneling is working.
    I am really not following this, the internet connection should not be working.
    Thx

  • @swizkniv 11 years ago

    Hi:
    Is it possible to have an ASA (or any other VPN device for that matter) control access to devices behind the ASA based on the VPN users/group? I.e. User Bob --> Server 1 only, User Cat --> Server 2 only. Each user may even have a different IP network... Bob could be assigned 192.168.10.10 and Cat could be assigned 192.168.20.10.

  • @technisar 11 years ago

    I am not sure about ASA, but we can do this on a Juniper SSL VPN. You can create roles for both the users, e.g. Role A for Bob and Role B for Cat. Then we can control what they access using ACLs.
    Let's say you want Bob to access only a server (10.9.222.210) and Cat another one, 10.9.222.45.
    Then the policy would look something like this:
    Policy1 >> 10.9.222.210/32 Allow Role A
    Policy2 >> 10.9.222.45/32 Allow Role B
    The above mentioned are NOT commands that you can execute from a CLI.
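
Added example (not from the video or from any commenter): a small Python model of the two separate decisions discussed on this page, the client-side split-tunnel routing choice and the gateway-side per-role allow list from the comment above. The policy names follow the ASA `split-tunnel-policy` keywords; the 10.9.222.0/24 secured network, the 203.0.113.10 internet address and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. The two /32 rules come from the comment above;
# the secured network list is an assumption.
SECURED_NETWORKS = [ipaddress.ip_network("10.9.222.0/24")]
ROLE_RULES = {
    "Role A": [ipaddress.ip_network("10.9.222.210/32")],
    "Role B": [ipaddress.ip_network("10.9.222.45/32")],
}


def client_path(dest, policy, networks=SECURED_NETWORKS):
    """Client-side routing: does this packet enter the VPN tunnel?"""
    addr = ipaddress.ip_address(dest)
    listed = any(addr in net for net in networks)
    if policy == "tunnelall":          # full tunnel: everything goes to the gateway
        return "tunnel"
    if policy == "tunnelspecified":    # split tunnel: only listed networks
        return "tunnel" if listed else "direct"
    if policy == "excludespecified":   # inverse split: listed networks bypass
        return "direct" if listed else "tunnel"
    raise ValueError(f"unknown split-tunnel policy: {policy!r}")


def gateway_allows(role, dest, rules=ROLE_RULES):
    """Gateway-side authorization: per-role allow list with implicit deny."""
    addr = ipaddress.ip_address(dest)
    return any(addr in net for net in rules.get(role, []))


def decide(role, dest, policy):
    """Combine both decisions into one verdict for a packet."""
    if client_path(dest, policy) == "direct":
        # Never reaches the gateway, so no gateway filtering or logging applies.
        return "direct"
    return "tunnel, allowed" if gateway_allows(role, dest) else "tunnel, denied"


if __name__ == "__main__":
    for role, dest in [("Role A", "10.9.222.210"), ("Role A", "10.9.222.45"),
                       ("Role B", "10.9.222.45"), ("Role A", "203.0.113.10")]:
        for policy in ("tunnelall", "tunnelspecified"):
            print(f"{role:7} {dest:13} {policy:16} -> {decide(role, dest, policy)}")
```

The split-tunnel list only decides which traffic reaches the gateway; who may reach which server is still decided by the per-role rules.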

  • @bluerfoot 3 years ago

    don't go to cnn go to cbt.