Cisco Support Community
New Member

Split Tunneling on AnyConnect!

Hi 

I want to enable split tunneling on Cisco ASA AnyConnect clients. The idea is that all corporate-destined traffic is carried inside the tunnel while the rest goes outside the tunnel.

The story does not end here :) I foresee one issue with this: clients accessing specific external websites (www.abc.com) will be blocked, as those websites only permit our corporate IP range. We cannot presume the IP range of abc.com (e.g. facebook.com). Is there any way to enable split tunneling and also have users' traffic for specific websites go via the tunnel?

Regards,

Umair

2 REPLIES
Hall of Fame Super Silver

The destination address argument in an access-list entry that defines the network list to be split tunneled can include an FQDN for the destination.

We seldom include those since the DNS lookup then needs to be done by the ASA and that can present a performance bottleneck.

New Member

Thanks for your reply. Do you have any document or reference to share?

Applying an FQDN extended ACL to a group failed in my case :(

asa1(config-group-policy)# split-tunnel-network-list value splittunnel_fqdn
ERROR: Access-list splittunnel_fqdn contains user, user-group, security-group or FQDN objects. These are not supported by group policies.

 

Regards,

Umair
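
A pre-flight check for the error quoted in the post above, added here as an example (not code from the thread or from Cisco): it scans a saved configuration for group policies whose split-tunnel ACL references an FQDN network object. The sample configuration is constructed, every name in it except splittunnel_fqdn is hypothetical, and only FQDN objects are checked, not the user or security-group objects the error also lists.

```python
import re

# Constructed sample configuration (not from the thread); all object and
# policy names other than splittunnel_fqdn are hypothetical.
SAMPLE_CONFIG = """\
object network OBJ_ABC
 fqdn v4 www.abc.com
object network OBJ_CORP
 subnet 10.0.0.0 255.0.0.0
access-list splittunnel_fqdn extended permit ip any object OBJ_ABC
access-list splittunnel_ip standard permit 10.0.0.0 255.0.0.0
group-policy GP_REMOTE attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value splittunnel_fqdn
group-policy GP_STAFF attributes
 split-tunnel-network-list value splittunnel_ip
"""

def fqdn_objects(config):
    """Return names of network objects whose body contains an fqdn line."""
    names, current = set(), None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):
            current = None  # left the object's sub-mode
        elif current and line.split()[:1] == ["fqdn"]:
            names.add(current)
    return names

def acls_using(config, objects):
    """Return names of access-lists with an entry referencing one of objects."""
    hits = set()
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"] and len(tok) > 1:
            refs = {tok[i + 1] for i, t in enumerate(tok[:-1]) if t == "object"}
            if refs & objects:
                hits.add(tok[1])
    return hits

def rejected_split_tunnel_lists(config):
    """Return (group-policy, ACL) pairs that would trigger the quoted error."""
    bad_acls = acls_using(config, fqdn_objects(config))
    found, policy = [], None
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["group-policy"] and tok[-1:] == ["attributes"]:
            policy = tok[1]
        elif tok[:2] == ["split-tunnel-network-list", "value"] and len(tok) > 2:
            if tok[2] in bad_acls:
                found.append((policy, tok[2]))
    return found
```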
