About Split Tunneling on Cisco AnyConnect VPN

This article is intended for anyone using the Cisco AnyConnect VPN.

What is Split Tunneling?

VPN split tunneling lets you send some of your application or device traffic through an encrypted VPN, while other applications or devices have direct access to the internet. This is particularly useful if you want to benefit from services that perform best when your location is known while also enjoying secure access to potentially sensitive communications and data. 

What Does This Mean for Me?

Split tunneling will send traffic meant for any University IP address – both the public addresses (137.99.x.x) and private addresses (10.x.x.x) – used on campus. Most of the time, this will not interfere with your ability to use non-University resources. However, a few Internet providers and businesses might be using the same parts of private IP space in such a way that split tunneling will not allow you access to local/non-University resources. 

If, when connected to the VPN, you discover that you have lost access to local resources on your home network, such as a network printer, this may be an indication of having an overlap with an existing UConn network. Since UConn cannot practically adjust our use of 10 space that overlaps with your home network, you must coordinate with your ISP (Comcast, Cox, Spectrum, etc.) to move your home network to something that is more in line with best practices (e.g., 192.168.x.x).

Windows Computers

If you are on a Windows computer, open a Command Prompt or Windows PowerShell by right clicking on the start button and selecting one of the two previously mentioned options. In the window, type ipconfig and press [enter]. You will see something similar to this.

Command Prompt Output
Ethernet adapter Ethernet: Connection-specific DNS Suffix  . : hsd1.ct.comcast.net IPv4 Address. . . . . . . . . . . : 10.0.0.225 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.0.0.1

Mac Computers

Open Terminal by going to Finder > Applications > Utilities > Terminal. In the window that opens, type ifconfig and press [enter]. You will see something similar to this.

Terminal Output
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=400<CHANNEL_IO> ether 3c:22:fb:be:63:00 inet6 fe80::416:a486:685:ed95%en0 prefixlen 64 secured scopeid 0x6 inet 10.0.0.225 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=201<PERFORMNUD,DAD> media: autoselect status: active

What Can I do?

This means that your network does, in fact, overlap with a UConn network. You have two options.

  1. Disconnect from the VPN to access local network resources, such as printers, scanners, and NAS devices.

  2. Contact your ISP and ask them to help you move your local network to a 192.168.xxx.xxx network.

Related Articles