I have set up two ASA-based Dialup VPNs. Tunnel Group 1 only has access to two internal subnets and Tunnel Group 2 has access to all internal subnets.
I have set up the split tunneling configuration for both and have found that the Windows VPN Client (v126.96.36.1990) appears not to force the split tunnel lists downloaded to the client but retain the previous list downloaded.
If I authenticate using a member of Tunnel Group 1, I get both subnets as expected, with Wireshark showing the two subnets being tunneled over the Cisco VPN and the rest of the internal subnets going out to the Internet to be dropped. Authentication to Tunnel Group Two gives me the same result: two subnets only and the rest being sent off to the Internet.
Installing the VPN client and the Profile for Tunnel Group 2 on a PC that has not accessed Tunnel Group 1 gives me all the subnets I expect to see.