AnyConnect SSL VPN Vista split-tunneling

Jun 20th, 2007

I recently set up an ASA5510 with 8.0fw with the AnyConnect SSL VPN Client.

Connecting to the SSL VPN works perfectly from all the XP computers that I have tested from. No problems there. However, when on Vista, split-tunneling does not seem to function properly. Everything connects and works fine, and I can get to the defined secured remote nets; however, I can't access anything out my default gateway (un-secured traffic). It seems like it might be a problem with Vista security features. When I try to ping out to any outside host, I get:

PING: transmit failed, error code 1231.

I can actually ping my default gateway, but nothing gets routed past it without the above error. I've also confirmed this on several Vista installations, with Administrator + UAC disabled. Anyone else?

cassmith Wed, 06/20/2007 - 11:21

I have done the same testing, and on both Vista 32bit and 64Bit the split tunneling does not seem to work. Also, I found that this is a "known" bug.

From the Release Notes:

AnyConnect Split-tunneling Does Not Work on Windows Vista - AnyConnect split-tunneling works correctly with Windows XP and Windows 2000 (CSCsi82315)

I am happy that 64Bit works but will hold off on roll out until split-tunneling is fixed.


bwallander Wed, 06/20/2007 - 11:28

Ahh, thank you for pointing that out. I can stop pulling out my hair.

bwallander Mon, 06/25/2007 - 13:46

According to my Cisco TAC response, this bug is scheduled to be fixed in 2.1, tentatively scheduled late July or early August.

litouch Fri, 06/22/2007 - 16:09

I can't even get through with the AnyConnect client hooked with my network. After the client is installed, it always tells me that "vpn client agent SSL engine encountered an error. close all sensitive networked applications"

Don't know why... Still in research.

cassmith Fri, 07/20/2007 - 17:55

I just got an update on the "split tunnel" bug. Supposedly they have resolved it, now we just need to wait for the updated client to show up on the download site.

bwallander Mon, 08/13/2007 - 13:46

Yep, I am being told the same thing as of today, almost a month later. Has anyone been able to get a pre-release version of 2.1 yet?

