Re: AnyConnect Split tunnel for just particular user in group
As Marvin mentioned it is possible.
Now, just to add some more details.
IFyou use the local users database of the ASA, you can assign a specific group-policy to specific users. Such group-policy will overwrite the "default-group-policy" defined under the "tunnel-group xxx general-attributes" configuration.
username cisco attributes
IFyou use an external database like AD or an external server, you can assign:
1- Attribute 25 --> RADIUS.
2- LDAP attribute mapping with memberOf and Group-policy.
The above attributes let the ASA know which group-policy should be assigned to a specific user.
And btw, YES, split-tunneling is a risk, so use it carefully. You can use Cisco Host Scan for instance to make sure that the user system has, at least, the latest AV, AS among others.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...