That increased traffic puts more stress on enterprise VPN infrastructure, but one of the most effective ways to ease that stress is split-tunnelling.

Basically split-tunnelling is a feature that lets customers select specific, enterprise-bound traffic to be sent through a corporate VPN tunnel. The rest goes directly to the Internet Service Provider (ISP) without going through the tunnel. Otherwise all traffic, even traffic headed for sites on the internet, would go through the VPN, through enterprise security measures and then back out to the internet. The idea is that the VPN infrastructure has to handle less traffic, so it performs better.

Figuring out what traffic can be taken out of the VPN stream can be a challenge that Cisco is trying to address with a relatively recent product. It combines telemetry data gathered by Cisco AnyConnect VPN clients with real-time report generation and dashboard technology from Splunk. Taken together the product is known as Cisco Endpoint Security Analytics (CESA) and is part of the AnyConnect Network Visibility Module (NVM).

AnyConnect NVM gathers security information such as unique device ID, device name, process/container names, parent processes, privilege changes, source/destination domains, DNS info and network interfaces that can help customers spot data leakage, unapproved applications or SaaS services, security evasion and malware activity, according to Scott Pope, director, product management and business development for the security technical alliances ecosystem at Cisco.

AnyConnect supports another feature called Dynamic Split Tunnelling, which makes it easy to direct tunnelled traffic by domain name (for example, put all “*webex*.” traffic into the split tunnel). Dynamic Split Tunnelling analytics is also supported in CESA.

In a recent blog Pope wrote that customers can use CESA data to:

- Implement VPN split tunnelling to alleviate VPN capacity constraints without sacrificing security.
- Monitor and further optimise traffic traversing an existing split tunnel deployment.
- Analyse security behaviour of remote endpoints, users and VPN “top talkers”. This is particularly useful for remote work endpoints that were rapidly deployed with less stringent than normal security compliance testing.

“The idea is that with CESA customers can quickly figure out what can be safely put into split tunnels which is of growing importance with the increasing VPN loads many companies are facing,” Pope said. “There’s some pretty low-hanging fruit customers can send to the internet but then there’s cloud-based applications and other traffic that may not be so obvious, and it’s hard to separate that traffic without knowing what’s coming across the tunnel.”

CESA provides the VPN traffic insight needed to keep tabs on what traffic is going over the split tunnel and also identify the traffic that should be moved back into the corporate tunnel. And the reverse is also true, Pope stated. “CESA can monitor the corporate tunnel to identify traffic that could be safely moved to the split tunnel. Furthermore, CESA tracks the volume of traffic by application, protocol, port, software process, domain, source/destination, etc.,” Pope stated. “This enables IT orgs to identify high volume applications and data sources and move them to the split tunnel first to make the largest impact on VPN performance with the least amount of effort and configuration.”

Cisco says that until July 1, 2020, CESA trial licences are offered free for 90 days to help IT organisations with surges in remote working.
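The two analyses the article describes, finding high-volume tunnel traffic that could safely go direct and catching traffic that must stay in (or move back into) the corporate tunnel, can be illustrated with a small script. What follows is an added example, not Cisco's, CESA's or NVM's own code: the policy format, the flow records, the `route` precedence (corporate prefix first, then domain wildcard, otherwise tunnel-all) and the domain-wildcard matching are this example's simplified model of split tunnelling, not the AnyConnect client's actual algorithm, and the flow records are constructed sample data rather than real NVM telemetry.

```python
"""Route constructed VPN flow records through a split-tunnel policy and
surface what to move in each direction: high-volume tunnel traffic that
could go direct, and wildcard patterns that would catch corporate hosts."""
import fnmatch
import ipaddress
from collections import defaultdict

# Hypothetical policy; the keys and format are this example's own and are
# not AnyConnect or ASA configuration syntax. Corporate prefixes stay in the
# tunnel; domain wildcards send matching traffic direct to the ISP, which is
# a simplified model of dynamic split tunnelling by domain name.
POLICY = {
    "corporate_networks": ["10.0.0.0/8", "192.168.100.0/24"],
    "direct_domains": ["*webex*", "*.zoom.us"],
}

# Constructed sample flows (not real NVM telemetry): process, destination
# domain, resolved destination IP and bytes moved during the sample window.
FLOWS = [
    {"process": "CiscoCollabHost.exe", "domain": "web.webex.com",         "dst": "66.114.160.10", "bytes": 900_000_000},
    {"process": "chrome.exe",          "domain": "intranet.corp.example", "dst": "10.20.30.40",   "bytes": 120_000_000},
    {"process": "outlook.exe",         "domain": "outlook.office365.com", "dst": "52.96.0.50",    "bytes": 400_000_000},
    {"process": "chrome.exe",          "domain": "www.youtube.com",       "dst": "142.250.0.10",  "bytes": 650_000_000},
    {"process": "zoom.exe",            "domain": "us04web.zoom.us",       "dst": "3.7.35.10",     "bytes": 300_000_000},
    {"process": "chrome.exe",          "domain": "webex.corp.example",    "dst": "10.20.30.50",   "bytes":  50_000_000},
]


def is_corporate(dst, policy):
    """True when the destination address falls inside a corporate prefix."""
    ip = ipaddress.ip_address(dst)
    return any(ip in ipaddress.ip_network(net) for net in policy["corporate_networks"])


def direct_pattern(domain, policy):
    """Return the first direct-domain wildcard matching the domain, else None."""
    for pattern in policy["direct_domains"]:
        if fnmatch.fnmatchcase(domain.lower(), pattern.lower()):
            return pattern
    return None


def route(flow, policy):
    """Decide 'tunnel' or 'direct' for one flow.
    The precedence is this example's choice: a corporate destination always
    stays in the tunnel, a domain match goes direct, and anything else
    defaults to the tunnel (tunnel-all), the starting point the article describes."""
    if is_corporate(flow["dst"], policy):
        return "tunnel"
    if direct_pattern(flow["domain"], policy):
        return "direct"
    return "tunnel"


def bytes_by_route(flows, policy):
    """Total bytes that would traverse the tunnel versus go direct."""
    totals = {"tunnel": 0, "direct": 0}
    for flow in flows:
        totals[route(flow, policy)] += flow["bytes"]
    return totals


def tunnel_candidates(flows, policy):
    """Top talkers still in the tunnel that are not corporate-bound, largest
    first: the candidates to move to the split tunnel for the biggest win."""
    volume = defaultdict(int)
    for flow in flows:
        if route(flow, policy) == "tunnel" and not is_corporate(flow["dst"], policy):
            volume[(flow["domain"], flow["process"])] += flow["bytes"]
    return sorted(((d, p, b) for (d, p), b in volume.items()), key=lambda t: -t[2])


def overbroad_patterns(flows, policy):
    """Direct-domain wildcards that also match corporate-bound flows: traffic
    that must stay in (or be moved back into) the corporate tunnel."""
    hits = []
    for flow in flows:
        pattern = direct_pattern(flow["domain"], policy)
        if pattern and is_corporate(flow["dst"], policy):
            hits.append((pattern, flow["domain"]))
    return sorted(set(hits))


if __name__ == "__main__":
    print("bytes by route:", bytes_by_route(FLOWS, POLICY))
    for domain, process, nbytes in tunnel_candidates(FLOWS, POLICY):
        print(f"move to split tunnel? {domain} ({process}) {nbytes / 1e6:.0f} MB")
    for pattern, domain in overbroad_patterns(FLOWS, POLICY):
        print(f"pattern {pattern!r} also matches corporate host {domain}; keep it tunnelled")
```

On the sample data the tunnel still carries 1.22 GB against 1.2 GB already sent direct; `tunnel_candidates` ranks YouTube and Office 365 as the next moves, and `overbroad_patterns` flags that `*webex*` also matches an internal host, which is the kind of traffic the article says has to be identified and kept in the corporate tunnel. Before relying on any such ordering in production, check the vendor documentation for how the real client ranks static and dynamic split-tunnel rules; the precedence here is an assumption made for the example.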