I am working on creating a split tunnel to work with a test VPN group profile. We have an external proxy service that slows users down when they are VPN'd in because their web traffic then goes through us. My goal is to configure only private IPs to come through the tunnel; any requests to public IPs should go straight out the user's internet connection and not the VPN.
I have created an ACL on the firewall that includes all of the standard private 192, 172, and 10 scope IPs and I set the VPN group profile to only tunnel based on those IP addresses.
However, when I perform this testing with the Cisco AnyConnect SSL VPN client and I look at the routing tab, it still shows 0.0.0.0 0.0.0.0 to go through the VPN tunnel and isn't splitting the traffic. I have not tested this on the original Cisco VPN client yet.
The configuration guides that I have looked at seem to show I am setting it up correctly, but am I missing anything?
Try swapping the source and destination in that ACL, then reconnect via client VPN and see if that makes a difference. You might also try specifying the local pool network used for the client VPN instead of 'any'.
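An added example, not part of the original thread: a small check to run after each reconnect, fed with the secured routes copied from the client's routing tab, that reports whether split tunneling actually took effect. The function names and the sample route lists are constructed for illustration; the only format assumed is the "network netmask" form quoted in the question.

```python
import ipaddress

# RFC 1918 ranges: the "192, 172, and 10" private scopes from the question.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_routes(text):
    """Parse 'network netmask' lines (e.g. '0.0.0.0 0.0.0.0') into networks."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            routes.append(
                ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False))
        except ValueError:
            continue  # header line or anything that is not a route
    return routes

def audit_secured_routes(text):
    """Flag a tunneled default route or any tunneled non-private range."""
    routes = parse_routes(text)
    findings = []
    for net in routes:
        if net.prefixlen == 0:
            findings.append((str(net), "default route: all traffic is tunneled"))
        elif not any(net.subnet_of(p) for p in PRIVATE_NETS):
            findings.append((str(net), "public range is sent through the tunnel"))
    # An empty route list proves nothing, so it does not count as a pass.
    return {"split_tunnel": bool(routes) and not findings, "findings": findings}

# Constructed sample: what the question describes seeing in the routing tab.
TUNNEL_ALL = "0.0.0.0 0.0.0.0"

# Constructed sample: what the routing tab should list once the split works.
SPLIT_OK = """10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0"""

if __name__ == "__main__":
    for label, sample in (("before", TUNNEL_ALL), ("after", SPLIT_OK)):
        print(label, audit_secured_routes(sample))
```
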