We are eliminating split-tunnel VPN's for remote user access for security reasons. However, many of our users require access to a couple of business-related websites from VPN. We have an ASA 5520 running ASDM 6.0 and looking at the tab for split-tunnels, we have found a section that appears to allow exceptions for split-tunneling. In particular, there is a section called, "DNS Names" that appears to allow certain websites to bypass the inherited group policy on the basis of a website url. Has anyone else tried this?