Cisco Meraki

Cisco+ Secure Connect Traffic Selection

Traffic steering is a VPN feature that divides a user's traffic: some of it is sent through an encrypted virtual private network (VPN) tunnel, and the rest is routed to the open network. This allows you to choose which apps to secure and which can connect normally. It is useful when you need to keep some of your traffic private while still maintaining access to local network devices, so you can access foreign networks and local networks at the same time. It also helps save some bandwidth.

There are two main methods of traffic steering: 

Local LAN Access 

 

 

Figure 2: Local LAN Access Example 

When you enable local LAN access for VPN clients, those clients are permitted to communicate unencrypted only with devices on the network on which they are located. For example, a client that is allowed local LAN access while connected can print to its own printer, but it cannot access the private applications without first sending the private traffic through the tunnel. The client's default network of 0.0.0.0/255.255.255.255 is understood to mean the local LAN.

Here's how to configure local LAN: 

 

 

Figure 3: Local LAN Configuration Example

Route details:

 


Figure 4: VPN client route details

Split Tunneling 

 

 

 

Figure 5: Traffic Steering Example: “Only securely route traffic destined to private applications” 

Split tunneling has been in existence for a long time and is based on static statements that use a standard access-list to either include or exclude IP networks from the VPN tunnel. Figure 3 illustrates the most common case, where the tunnel (also known as split include) is used to access private applications. All other traffic remains outside the tunnel and is therefore unencrypted.

Here’s how to configure this case: 


Figure 6: Split Tunnel Configuration Example 

 


Figure 7: VPN client route details 
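
The two steering methods described above (local LAN access and split include) can be modeled as a per-destination routing decision, which is useful for reviewing which flows leave a client unencrypted. This is an added example, not code from the article or from Cisco; the function names, the `include`/`exclude` mode labels and all sample addresses are assumptions made for illustration.

```python
import ipaddress

# Sentinel from the article: 0.0.0.0/255.255.255.255 means "the client's local LAN".
LOCAL_LAN_SENTINEL = ipaddress.ip_network("0.0.0.0/255.255.255.255")


def steer(dest, mode, networks, local_lan=None):
    """Return "tunnel" or "direct" for one destination IP.

    mode "include": only the listed networks use the tunnel (split include).
    mode "exclude": the listed networks bypass the tunnel, all else is tunneled;
                    the sentinel entry is replaced by the subnet the client sits on.
    """
    dest = ipaddress.ip_address(dest)
    resolved = []
    for net in networks:
        net = ipaddress.ip_network(net)
        if net == LOCAL_LAN_SENTINEL:
            if local_lan is None:
                continue  # no LAN known: nothing is exempted, traffic stays tunneled
            net = ipaddress.ip_network(local_lan, strict=False)
        resolved.append(net)
    listed = any(dest in net for net in resolved)
    if mode == "include":
        return "tunnel" if listed else "direct"
    if mode == "exclude":
        return "direct" if listed else "tunnel"
    raise ValueError(f"unknown mode: {mode!r}")


def audit(dests, mode, networks, local_lan=None):
    """Map each destination to its path so unencrypted flows can be reviewed."""
    return {d: steer(d, mode, networks, local_lan) for d in dests}


# Constructed sample values (RFC 1918 and documentation ranges), not from the article.
PRIVATE_APPS = ["10.20.0.0/16"]      # hypothetical private application network
CLIENT_LAN = "192.168.1.57/24"       # hypothetical client address on its home LAN
SAMPLE = ["10.20.5.10", "192.168.1.20", "203.0.113.8"]

if __name__ == "__main__":
    print("split include:   ", audit(SAMPLE, "include", PRIVATE_APPS))
    print("local LAN access:", audit(SAMPLE, "exclude",
                                     ["0.0.0.0/255.255.255.255"], CLIENT_LAN))
```

In the split include case, every destination reported as `direct` is traffic that leaves the client outside the tunnel, so that list is the one to review against policy.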
