https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543967#M1086998 <P>Update:</P><P>&nbsp;</P><P>if you have similar problems.<BR />It is important to enable local lan access in anyconnect profile. As a result, the IP addresses of the virtual adapters only appear in unsecured routes.</P><P>In combination, access to local machines works despite a connected vpn.</P><P>&nbsp;</P> Wed, 02 Feb 2022 11:18:28 GMT andreasalberti 2022-02-02T11:18:28Z https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543625#M1086975 <P>Good day,</P><P>&nbsp;</P><P>I can't really get any further.</P><P>We have set up both an acl and custom attributes for dynamic tunnel exclusions.</P><P>In order to reach the local VM on the host, we have stored a private 172 IP range inside our acl for the tunnel exclusion.</P><P>Unfortunately, this is only drawn very sporadically.</P><P>&nbsp;</P><P>Sometimes i can see the mentioned IP 172.x.x.x in "unsecured routes", but most of the time its not working.</P><P>has anyone ever had similar experiences?<BR />could the problem be due to the private ip range?<BR />The public ips are pulled without problems.</P><P>&nbsp;</P><P>I would be happy about any ideas.</P><P>&nbsp;</P><P>best regards</P> Tue, 01 Feb 2022 19:41:53 GMT https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543625#M1086975 andreasalberti 2022-02-01T19:41:53Z https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543658#M1086983 <P>I think i found something...</P><P><A href="https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f</A></P><P>&nbsp;</P><P>Maybe this is going to solve my problem.</P><P>&nbsp;</P><P>Cheers</P> Tue, 01 Feb 2022 21:02:39 GMT https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543658#M1086983 andreasalberti 2022-02-01T21:02:39Z https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543967#M1086998 <P>Update:</P><P>&nbsp;</P><P>if you have similar problems.<BR />It is important to enable local lan access in anyconnect profile. As a result, the IP addresses of the virtual adapters only appear in unsecured routes.</P><P>In combination, access to local machines works despite a connected vpn.</P><P>&nbsp;</P> Wed, 02 Feb 2022 11:18:28 GMT https://community.cisco.com/t5/network-security/asa-split-tunneling-dynamic-attributes/m-p/4543967#M1086998 andreasalberti 2022-02-02T11:18:28Z