Only the networks defined in the split-tunnel are carried over the vpn.
First, here's the topology:
Okay, so let's say you want the client to have access to the LAN and WIFI over their VPN connection.
Well, that can be controlled using a split-include that matches the networks to be allowed. Take this configuration example for IPsec:
I highlighted the split-include. The split-include references an address group that includes both the LAN and WIFI subnetworks.
So now any IPsec client is issued only those subnets. Here's a snapshot of my route table:
As you can see, the 2 remote subnets and the ipsec-virtual address are in my IPv4 route table.
For SSLvpn, we use the same method, but we configure it under our SSLvpn webportal configuration:
And in our route table we would have:
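The route-table check described above can be scripted for either VPN type. This is an added example, not part of the original post; the subnets, interface names and route entries are constructed sample values, and the function name is hypothetical.

```python
import ipaddress

def audit_split_tunnel(split_include, client_routes, tunnel_if):
    """Compare the routes a VPN client holds with the intended split-include group.

    split_include: CIDR strings in the address group (here: LAN and WIFI).
    client_routes: (destination CIDR, interface) pairs from the client route table.
    tunnel_if:     name of the client's VPN interface.
    """
    allowed = [ipaddress.ip_network(n) for n in split_include]
    via_tunnel = [ipaddress.ip_network(dst)
                  for dst, iface in client_routes if iface == tunnel_if]
    findings = {"full_tunnel": False, "unexpected": [], "missing": []}

    for net in via_tunnel:
        if net.prefixlen == 0:
            # A default route over the tunnel means split tunneling is not in effect.
            findings["full_tunnel"] = True
        elif net.prefixlen == net.max_prefixlen:
            # Host route: assumed to be the client's own virtual address.
            continue
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings["unexpected"].append(str(net))

    for a in allowed:
        # Each split-include subnet should be covered by a non-default tunnel route.
        covered = any(r.version == a.version and r.prefixlen > 0 and a.subnet_of(r)
                      for r in via_tunnel)
        if not covered:
            findings["missing"].append(str(a))
    return findings

# Constructed sample data: LAN and WIFI subnets plus two client route tables.
SPLIT_INCLUDE = ["192.168.10.0/24", "192.168.20.0/24"]
GOOD_ROUTES = [("0.0.0.0/0", "en0"), ("192.168.10.0/24", "ipsec0"),
               ("192.168.20.0/24", "ipsec0"), ("10.255.0.5/32", "ipsec0")]
BAD_ROUTES = [("0.0.0.0/0", "ipsec0"), ("172.16.0.0/12", "ipsec0"),
              ("192.168.10.0/24", "ipsec0")]

if __name__ == "__main__":
    print("good:", audit_split_tunnel(SPLIT_INCLUDE, GOOD_ROUTES, "ipsec0"))
    print("bad: ", audit_split_tunnel(SPLIT_INCLUDE, BAD_ROUTES, "ipsec0"))
```
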
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( @ @ )=
o
/ \