I've recently switched from using a static default IOS SSL vpn policy to (default-group-policy xxx) Cisco RADIUS (CSACS 4.x) pushed vpn components (determined by the group the user logging in belongs to). Everything seems to be working, url-lists, port-forwards, etc, execpt for the split tunnel config on the full tunnel client, it does not seem to be getting the split tunnel list from the RADIUS server and thus it ends up tunnelling everything which cuts off local internet access. The av pair on my group config looks like this;
I've tried the normal mask and the inverse mask and it always shows 0.0.0.0 0.0.0.0 under the secured routes status of the SSL VPN dialer and no Internet access is available while connected. This split tunnel works just fine when configured via a policy on the actual router via 'svc split-include 10.192.0.0 255.255.0.0', just not when pushed via RADIUS.