I am using AnyConnect with RADIUS on an ASA 5510. RADIUS defines which group-policy should apply to each AnyConnect client.
I'd like to use a different vpn-filter for each group-policy group. With no vpn-filter defined, AnyConnect clients can communicate with inside networks and outside (via NAT). However, defining any vpn-filter ASA group-policy attribute seems to drop all connectivity for AnyConnect client tunnels in that group. Even something as simple as:
    access-list FILTER1 extended permit ip any any
    group-policy GROUP1 attributes
     vpn-filter value FILTER1
...seems to drop all traffic. Deleting the single vpn-filter line restores connectivity.
I'm unsure how to packet-trace traffic entering via AnyConnect to see where the problem lies.