ASA - split-tunnel-policy command

When configuring a VPN on a Cisco ASA device, the split-tunnel-policy command can be used to specify which traffic will be encrypted and tunneled, and which traffic will be sent in the clear, when deploying a split-tunneling scenario for remote users.

The command syntax is the following:

split-tunnel-policy { tunnelall | tunnelspecified | excludespecified }

The keywords shown behave as follows:

  • tunnelall - This keyword specifies that all traffic goes through the tunnel. Users can reach the Internet through the tunnel.
  • tunnelspecified - This keyword tunnels all traffic from or to the specified networks. This option enables split tunneling. It lets you create a network list of addresses to tunnel. Data to all other addresses travels in the clear, and is routed by the remote user’s Internet service provider.
  • excludespecified - This keyword defines a list of networks to which traffic goes in the clear. This feature is useful for remote users who want to access devices on their local network, such as printers, while they are connected to the corporate network through a tunnel.
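
The following is an added configuration example, not taken from the page or from Cisco's documentation, showing how the keyword is used together with a network list in a group policy; the names (SPLIT_TUNNEL_ACL, LOCAL_LAN_ACL, RA_GROUP_POLICY, RA_TUNNEL_GROUP) and the address ranges are assumed values.

```cisco
! Added example (assumed names and addresses). Goal: tunnel only the corporate
! 10.0.0.0/8 range; everything else leaves the remote host directly via its ISP.
!
! 1. Standard ACL naming the networks the split-tunnel policy applies to.
access-list SPLIT_TUNNEL_ACL standard permit 10.0.0.0 255.0.0.0
!
! 2. Group policy: tunnelspecified plus the network list enables split tunneling.
group-policy RA_GROUP_POLICY internal
group-policy RA_GROUP_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL_ACL
!
! 3. Bind the group policy to the remote-access tunnel group.
tunnel-group RA_TUNNEL_GROUP type remote-access
tunnel-group RA_TUNNEL_GROUP general-attributes
 default-group-policy RA_GROUP_POLICY
!
! Variant: excludespecified inverts the meaning of the list. With an ACL that
! matches the user's home LAN, local printers stay reachable while all other
! traffic (including Internet traffic) still goes through the tunnel:
!
! access-list LOCAL_LAN_ACL standard permit 192.168.1.0 255.255.255.0
! group-policy RA_GROUP_POLICY attributes
!  split-tunnel-policy excludespecified
!  split-tunnel-network-list value LOCAL_LAN_ACL
!
! Risk note: any traffic sent in the clear bypasses the inspection applied on
! the corporate side of the tunnel. tunnelall (the default) keeps all traffic
! under that inspection at the cost of backhauling Internet traffic.
!
! Verify what was applied:
! show running-config group-policy RA_GROUP_POLICY
```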

https://forum.networklessons.com/t/cisco-asa-anyconnect-remote-access-vpn/833/140?u=lagapidis

https://forum.networklessons.com/t/cisco-asa-remote-access-vpn/830/74?u=lagapidis

https://networklessons.com/cisco/asa-firewall/cisco-asa-anyconnect-remote-access-vpn/

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/so-st-commands.html#wp2812200138