AnyConnect 2.5.x secured and non-secured routes

Unanswered Question
Aug 9th, 2010

Hi - I use AnyConnect to establish a secure tunnel to a corporate office.  I prefer to route only corporate traffic through the tunnel.  How do I change AnyConnect to allow for split routes and to add routes for corporate and leave the default route for everything else as is without the VPN established?


eg:


Corporate networks: 10.0.0.0/8 & 172.0.0.0/8

Local network:     192.168.1.0/24


Local Interface:     1 (192.x.x.50)

VPN Interface:      5 (172.x.x.65)


I've attempted to add the following to my AnyConnectProfile.tmpl but no changes:



<ClientInitialization>
   <PPPExclusion UserControllable="true">Override</PPPExclusion>
</ClientInitialization>

<AnyConnectPreferences>
   <ControllablePreferences>
      <PPPExclusion>Automatic
         <PPPExclusionServerIP>204.217.125.37</PPPExclusionServerIP></PPPExclusion>
   </ControllablePreferences>
</AnyConnectPreferences>


Any help here is much appreciated.  Thanks...

Paul Carco Thu, 08/12/2010 - 18:49

I believe what you are looking for is 'Split-tunneling'. Have a look at your Group Policy.


ASDM

Configuration > Remote Access VPN > Network (Client) Access > Group Policies, and then under 'Advanced' select 'Split-Tunneling' and set up an ACL to define the traffic to be either included or excluded.



If you are going to use an AnyConnect Profile, then under preferences you can check off 'Local Lan Access'.

Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile
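
The ASDM steps in the reply above correspond to the following ASA CLI, shown as an added example that is not part of the original thread. The ACL name SPLIT_TUNNEL and the group policy name CORP_POLICY are placeholders, the group policy is assumed to exist already, and the networks are the ones listed in the question.

```cisco
! Added example. SPLIT_TUNNEL and CORP_POLICY are placeholder names.
!
! Networks to send through the tunnel, as given in the question.
! Note: 172.0.0.0/8 is wider than the RFC 1918 block 172.16.0.0/12,
! so this entry also tunnels traffic to public 172.x addresses.
access-list SPLIT_TUNNEL standard permit 10.0.0.0 255.0.0.0
access-list SPLIT_TUNNEL standard permit 172.0.0.0 255.0.0.0
!
group-policy CORP_POLICY attributes
 ! The default policy is tunnelall: every route goes through the VPN.
 ! tunnelspecified tunnels only the networks in the ACL below and
 ! leaves the client's existing default route in place.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
!
! Confirm what the headend will push to clients in this group policy.
show running-config group-policy CORP_POLICY
```

Split-tunnel routes are pushed from the headend when the session is established, so the client has to reconnect to pick them up. The Route Details tab in the AnyConnect client then lists the ACL networks under Secured Routes.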
