cancel
Showing results for 
Search instead for 
Did you mean: 

NC and split-tunnelling question

Contributor

NC and split-tunnelling question

We are using Network Connect, with no split tunnelling, so all traffic flows through the main office while connected, so we can view/log all traffic from machines connected to the network.

 

Now, we are tasked with getting our remote users connected to our Cisco/Tandberg video conferencing (VC) bridge. 

 

To open the ports to the internal bridge requires a crazy amount of ports, not just to the VC bridge, but to all endpoints, because once setup by the bridge, the session becomes peer-to-peer.

 

We also have an EXTERNAL video conferencing bridge, where exterrnal partners can connect to, and it's forced to go through the VC bridge.

 

I want to allow my user to have direct access to the external VC bridge outside of the tunnel, but with all other traffic staying withing the tunnel.

 

So, my question is, if I put the IP address of our external VC bridge on the split-tunneling policy, will ONLY that traffic be allowed outside of the tunnel? If users try to go to playboy.com, would it still be routed through our corporate office (and blocked by our web filtering solution)?

 

Thanks

1 REPLY 1
Respected Contributor

Re: NC and split-tunnelling question

With split tunneling disabled as you are doing, this cannot be achieved; all traffic will go through the tunnel.

If you move to split tunneling enabled, yes, you would create a policy to capture all your traffic and then an exclude policy for the VC server.

If you are unable to move to split tunneling enabled, however, your goal will not be possible