VPN - split tunneling

Split tunneling in the context of network VPNs is a feature that allows a user to route some of their device or application internet traffic through the encrypted VPN tunnel while other data is allowed to directly access the internet through the user's local network connection.

Take a look at the following diagram:


The user on the right has connected to the ASA using a VPN. By default, all traffic (whether destined for R1 or for the Internet in general) is sent through the tunnel once the remote user is connected.

If you want to allow remote users to access the Internet directly via their own Internet connection, and not through the VPN tunnel, you must configure split tunneling.

Split tunneling can be achieved by creating an ACL that defines which networks should be reached via the tunnel. Any traffic matching the ACL will be tunneled, while any traffic that doesn't match the ACL will be routed normally via the local Internet connection. In other words, non-matching traffic won't be encapsulated in the VPN.
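
A minimal ASA configuration for the ACL-based approach described above, added here as an example and not taken from the original page. The inside network 10.10.10.0/24 (standing in for the network behind R1), the ACL name SPLIT_TUNNEL and the group policy name REMOTE_USERS are assumptions.

```cisco
! Assumed values: 10.10.10.0/24 is the internal network reached via the ASA,
! SPLIT_TUNNEL and REMOTE_USERS are hypothetical names.

! Default behaviour (no split tunneling): every destination goes through the VPN.
! group-policy REMOTE_USERS attributes
!  split-tunnel-policy tunnelall

! 1. Standard ACL listing the networks that must be reached via the tunnel.
access-list SPLIT_TUNNEL standard permit 10.10.10.0 255.255.255.0

! 2. Group policy applied to the remote-access users.
group-policy REMOTE_USERS internal
group-policy REMOTE_USERS attributes
 ! Tunnel only the networks named in the ACL below.
 split-tunnel-policy tunnelspecified
 ! Reference the ACL from step 1.
 split-tunnel-network-list value SPLIT_TUNNEL

! 3. Check the result.
! show running-config group-policy REMOTE_USERS
! show running-config access-list SPLIT_TUNNEL
```

Keep the ACL limited to the internal networks remote users actually need: any destination it does not list leaves the client over its local connection, unencrypted by the VPN and outside whatever filtering or logging sits behind the ASA.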