
AnyConnect 2.5.x secured and non-secured routes

chris.williams
Level 1

Hi - I use AnyConnect to establish a secure tunnel to a corporate office.  I prefer to route only corporate traffic through the tunnel.  How do I change AnyConnect to allow for split routes and to add routes for corporate and leave the default route for everything else as is without the VPN established?

eg:

Corporate networks: 10.0.0.0/8 & 172.0.0.0/8

Local network:     192.168.1.0/24

Local Interface:     1 (192.x.x.50)

VPN Interface:      5 (172.x.x.65)

I've attempted to add the following to my AnyConnectProfile.tmpl but no changes:

<ClientInitialization>

   <PPPExclusion UserControllable="true">Override</PPPExclusion>

</ClientInitialization>

<AnyConnectPreferences>

<ControllablePreferences>

<PPPExclusion>Automatic

<PPPExclusionServerIP>204.217.125.37</PPPExclusionServerIP></PPPExclusion>

</ControllablePreferences>

</AnyConnectPreferences>

Any help here is much appreciated.  Thanks...

1 Reply

Paul Carco
Level 1

I believe what you are looking for is 'Split-tunneling'; have a look at your Group Policy.

ASDM

Configuration > Remote Access VPN > Network (Client) Access > Group Policies, and then under 'Advanced' select 'Split-Tunneling' and set up an ACL to define the traffic to be either included or excluded.

If you are going to use an AnyConnect Profile, then under preferences you can check off 'Local Lan Access'.

Configuration > Remote Access VPN > Network (Client) Access > AnyConnect Client Profile
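Added example, not part of either post and not Cisco code: a small Python model for reviewing a split-tunnel include list before it goes into the group policy ACL. It shows which path a destination takes and flags include entries that reach beyond RFC 1918 private space. The networks are the ones given in the question; the function names, the sample destinations and the longest-prefix routing model are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges, used to audit split-include entries.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Include list and local LAN as written in the question above.
SPLIT_INCLUDE = ["10.0.0.0/8", "172.0.0.0/8"]
LOCAL_LAN = "192.168.1.0/24"


def route_for(dest, include=SPLIT_INCLUDE, local_lan=LOCAL_LAN):
    """Return 'tunnel', 'local-lan' or 'default' for a destination IP under
    a "tunnel only the listed networks" policy (simplified host-route model)."""
    ip = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_network(n), "tunnel") for n in include]
    candidates.append((ipaddress.ip_network(local_lan), "local-lan"))
    matches = [(net.prefixlen, via) for net, via in candidates if ip in net]
    if not matches:
        return "default"          # untouched default route, outside the VPN
    return max(matches)[1]        # longest matching prefix wins


def audit_include(include=SPLIT_INCLUDE):
    """Return include entries that are not fully inside RFC 1918 space,
    i.e. entries that would also pull public destinations into the tunnel."""
    flagged = []
    for entry in include:
        net = ipaddress.ip_network(entry)
        if not any(net.subnet_of(private) for private in RFC1918):
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    # Constructed sample destinations.
    for dest in ("10.1.2.3", "172.20.5.5", "172.200.0.1",
                 "192.168.1.20", "203.0.113.10"):
        print(f"{dest:15} -> {route_for(dest)}")
    print("entries reaching beyond RFC 1918:", audit_include())
```

An entry reported by `audit_include` is not necessarily wrong, but it means traffic to public addresses in that range will be sent through the corporate tunnel, so it deserves a deliberate decision when the ACL is written.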
