I have a design question in building a VPN Cluster using AnyConnect.
I have a customer that wants to map 4 groups to a corresponding VLAN.
employee - Vlan 94
Admin - Vlan 95
IT - Vlan 96
Each Vlan has a specific pool configured, and on the switch side, there is a Vlan interface that is configured as the DG for that subnet.
Now this appears to work just fine from a mapping perspective, however, the question becomes routing. I've noted that there have been others that have run into this issue where the "route <interface> 0 0 tunneled" provides a tunnel default gateway for newly unencrypted traffic "globally"... meaning that you can set a DG for the VPN clients as a whole; however, this option doesn't work when these client groups are mapped to specific VLANs.
So the bottom line question is: Does VLAN Mapping as a limitation only allow access to the local subnet where the user is assigned based on his group configuration, and there is no way to allow them to route off that particular subnet using the DG for that subnet?
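For readers trying to picture the setup the question describes, here is an ASA configuration sketch of the group-policy-to-VLAN mapping and the global tunneled default route. It is an added illustration, not the poster's configuration: the interface names, VLAN sub-interfaces, pool ranges and the next-hop address are assumptions, only two of the groups are shown, and it does not resolve the routing question being asked.

```text
! Added illustration of the described setup (not the poster's configuration).
! Interface names, sub-interfaces, pool ranges and next hops are assumptions.

! Ordinary inside interface used by the global tunneled default route
interface GigabitEthernet0/2
 nameif inside
 security-level 100
 ip address 10.1.1.2 255.255.255.0
!
! One sub-interface per mapped VLAN. The switch SVI in each VLAN is the
! subnet's default gateway, so the ASA only holds an address in the subnet.
interface GigabitEthernet0/1.94
 vlan 94
 nameif employee
 security-level 100
 ip address 10.94.0.2 255.255.255.0
!
interface GigabitEthernet0/1.95
 vlan 95
 nameif admin
 security-level 100
 ip address 10.95.0.2 255.255.255.0
!
! One address pool per VLAN, carved out of that VLAN's subnet
ip local pool POOL-EMPLOYEE 10.94.0.100-10.94.0.199 mask 255.255.255.0
ip local pool POOL-ADMIN 10.95.0.100-10.95.0.199 mask 255.255.255.0
!
! The group policy ties the pool and the VLAN together: sessions using
! GP-EMPLOYEE get an address from POOL-EMPLOYEE and are placed in VLAN 94.
group-policy GP-EMPLOYEE internal
group-policy GP-EMPLOYEE attributes
 vlan 94
 address-pools value POOL-EMPLOYEE
!
group-policy GP-ADMIN internal
group-policy GP-ADMIN attributes
 vlan 95
 address-pools value POOL-ADMIN
!
! The global tunneled default route referred to in the question: a single
! next hop for decrypted VPN traffic, applied to all remote-access sessions.
! There is no per-group-policy or per-VLAN form of this route.
route inside 0.0.0.0 0.0.0.0 10.1.1.1 tunneled
```

When checking a deployment like this, the useful things to compare are the output of `show vpn-sessiondb anyconnect` (which pool and group policy a session actually received) against the sub-interface and SVI addressing, since a session landing in the wrong VLAN or pool shows up there before any routing symptom does.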