Understanding Split Tunneling

The split tunneling feature allows you to optimize traffic flow by directing only corporate traffic back to the Managed Device, while local application traffic remains local. This ensures that local traffic does not incur the overhead of the round trip to the Managed Device, which decreases traffic on the WAN (Wide Area Network) link and minimizes latency for local application traffic. This is useful for sites that have local servers and printers. With split tunneling, a remote user associates with a single SSID (Service Set Identifier), not multiple SSIDs, to access corporate resources (for example, a mail server) and local resources (for example, a local printer). The remote AP examines session ACLs (Access Control Lists) to distinguish between corporate traffic destined for the Managed Device and local traffic.

Figure 1  Sample Split Tunnel Environment

Figure 1 shows corporate traffic being GRE (Generic Routing Encapsulation) tunneled to the Managed Device through a trusted tunnel, while local traffic is source NATed and bridged on the wired interface, based on the configured user role and session ACL.
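The forwarding decision described above can be modelled as a first-match rule list. The following is an added example, not code from this page or from the product: it classifies a destination as tunneled or locally bridged, and audits a policy for corporate prefixes that a local rule would capture before the tunnel rule is reached. The prefixes, the action labels "tunnel" and "local", the function names and the top-down first-match evaluation are assumptions of this simplified model, which looks at the destination address only.

```python
import ipaddress

# Constructed policy, modelled on destination only. Assumption: rules are
# evaluated top-down and the first match wins.
# "tunnel" = GRE-tunnel to the Managed Device; "local" = source NAT and bridge.
SPLIT_POLICY = [
    ("10.0.0.0/8", "tunnel"),     # constructed corporate range
    ("172.16.0.0/12", "tunnel"),  # constructed corporate range
    ("0.0.0.0/0", "local"),       # everything else stays at the site
]
# Same rules with the catch-all moved to the top (a misordering mistake).
MISORDERED_POLICY = [SPLIT_POLICY[2], SPLIT_POLICY[0], SPLIT_POLICY[1]]
CORPORATE = ["10.0.0.0/8", "172.16.0.0/12"]


def classify(dst, policy):
    """Return the action of the first rule whose prefix contains dst."""
    addr = ipaddress.ip_address(dst)
    for prefix, action in policy:
        if addr in ipaddress.ip_network(prefix):
            return action
    return "deny"  # nothing matched (assumed implicit deny)


def leaked_prefixes(policy, corporate):
    """List corporate prefixes that a non-tunnel rule can capture before a
    tunnel rule covers them completely."""
    leaks = []
    for corp in map(ipaddress.ip_network, corporate):
        for prefix, action in policy:
            net = ipaddress.ip_network(prefix)
            if action == "tunnel" and corp.subnet_of(net):
                break  # fully tunneled before any local rule could match
            if action != "tunnel" and net.overlaps(corp):
                leaks.append(str(corp))
                break
    return leaks


if __name__ == "__main__":
    for dst in ("10.20.30.40", "192.168.1.50"):  # constructed flows
        print(dst, classify(dst, SPLIT_POLICY), classify(dst, MISORDERED_POLICY))
    print("leaks:", leaked_prefixes(MISORDERED_POLICY, CORPORATE))
```

Running the audit against a policy before it is deployed shows whether rule order would let corporate destinations leave through the local source NAT path instead of the trusted tunnel.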