Hello,
we've got a problem with split tunneling and Anyconnect clients. Basically, our policy for remote access users is as follows: local LAN traffic should be allowed directly (eg. local printing), everything else should go through the tunnel. This works pretty fine with the Cisco IPsec VPN Client.
In contrary to that, it doesn't work while using Anyconnect clients. I can't use the exclude-parameter, so my only chance would be to define an ACE, that tunnels traffic for specific networks.
Our problem now is, that we can't tell the ASA to tunnel traffic only for network A oder B. The ASA should tunnel the entire traffic EXCEPT local LAN access. Is is possible to tell the ASA this policy for Anyconnect connections like we did it on the IPsec Group policy?
Our IPsec Group Policy settings:
...
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
...
access-list Local_LAN_Access standard permit host 0.0.0.0
The documentation says, that we cannot use this "excludespecified" parameter for SSL connections, only for IPsec connection.
Any suggestions are appreciated!
Regards,
Marco