In applications where there is a tunnel to a remote network, it is often desirable to have traffic destined for non-tunneled networks simply egress the local router towards the Internet. In typical VPN or tunnel networks this is called a split tunnel. Split tunneling is a computer networking concept that allows a VPN user to access a public network (e.g., the Internet) and a local LAN or WAN at the same time, using the same physical network connection. This is usually facilitated by a program such as a VPN client application.
In VPNs, there are basically two types of virtual tunnels that enable secure data transmission: full tunnels and split tunnels. In full tunnel mode, a remote user establishes an Internet connection from a client device, such as a PC, and that connection then runs through the VPN. This naturally includes the user's private data traffic. As a result, every time the user browses the web, the traffic passes through the VPN gateway.
For example, suppose a user runs a remote access VPN software client to connect to a corporate network over a hotel wireless network. With split tunneling enabled, the user is able to connect to file servers, database servers, mail servers and other servers on the corporate network through the VPN connection. When the user connects to Internet resources (web sites, FTP sites, etc.), the connection request goes directly out the gateway provided by the local network.
Usually, this network traffic behavior is accomplished via routing statements. But in a transparent tunnel network architecture, where there is no routing, a split-tunnel configuration would require manual configuration of all the network elements along the path.
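The routing-statement approach described above can be modeled as a longest-prefix-match lookup over a split-tunnel and a full-tunnel route table. This is an added example, not from the original page; the interface names (`tun0`, `wlan0`), prefixes and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample route tables; interface names, prefixes and addresses
# are assumptions for illustration, not values from the original page.
SPLIT_TUNNEL_ROUTES = [
    ("10.0.0.0/8", "tun0"),        # corporate file, database and mail servers
    ("172.16.0.0/12", "tun0"),     # further corporate ranges
    ("192.168.1.0/24", "wlan0"),   # hotel wireless LAN, directly connected
    ("0.0.0.0/0", "wlan0"),        # default route: local gateway to the Internet
]

FULL_TUNNEL_ROUTES = [
    ("203.0.113.10/32", "wlan0"),  # the VPN gateway must stay reachable outside the tunnel
    ("192.168.1.0/24", "wlan0"),   # hotel wireless LAN, directly connected
    ("0.0.0.0/0", "tun0"),         # default route: everything through the VPN
]


def egress_interface(routes, destination):
    """Return the interface chosen by longest-prefix match, or None if no route."""
    dest = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def tunneled_destinations(routes, destinations, tunnel="tun0"):
    """List the destinations that would be carried inside the VPN tunnel."""
    return [d for d in destinations if egress_interface(routes, d) == tunnel]


if __name__ == "__main__":
    sample = ["10.20.30.40", "198.51.100.7", "192.168.1.1", "203.0.113.10"]
    for name, table in (("split", SPLIT_TUNNEL_ROUTES), ("full", FULL_TUNNEL_ROUTES)):
        for dst in sample:
            print(f"{name:5} {dst:15} -> {egress_interface(table, dst)}")
```

Running the same destination list against both tables shows which traffic leaves the protection of the VPN under split tunneling, which is the set to review when auditing a client's pushed routes.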
Split tunneling has a variety of advantages. It only transmits data that actually requires the protection of a VPN, and it enables strict separation of corporate Internet traffic and private Internet use. Split tunneling manageability, however, depends on the quality of the implemented VPN components.