@JustTakeTheFirstStep split tunnelling is used to define which networks to tunnel back to the headend firewall (ASA or FTD) or break out locally from the client side (exclude from tunnelling to the firewall).
https://www.cisco.com/c/en/us/support/docs...
@kandejohn82 unfortunately FMC version 7.0 is the latest supported version for the 2500 hardware, so you cannot upgrade to a newer (7.1) major version.
FYI, you should upgrade to 7.0.6.2 to resolve the major vulnerability in the wild.
Hi @John Bautista, as both @tvotna and I said, check if ESP is dropped by taking a packet capture on both sides to confirm if ESP packets are sent and received.
@Makoon on the IOS router use the no config-exchange request command in the IKEv2 profile configuration mode to disable configuration exchange options:
crypto ikev2 profile profile-v2
 no config-exchange request
https://www.cisco.com/c/en/us/td/docs/s...