cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

551
Views
0
Helpful
2
Replies
Highlighted

CISCO Any connect v4.4

Does anyone know if the CISCO VPN client (Any connect v 4.4) can be downloaded by anyone and then configured to allow for tunneling?

In other words can the split tunneling on the enterprise VPN solution be bypassed by an end user? Or the solution is configured at the enterprise connection point and no matter who downloads the client, they won't be able to by pass it?

Everyone's tags (3)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: CISCO Any connect v4.4

While a user with administrative rights on the system would have various tools available to them to circumvent policies, the split tunnel/tunneling policy is passed down from the head-end and is not user controlled.

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: CISCO Any connect v4.4

While a user with administrative rights on the system would have various tools available to them to circumvent policies, the split tunnel/tunneling policy is passed down from the head-end and is not user controlled.

View solution in original post

Highlighted

Re: CISCO Any connect v4.4

Thank you for your response.

I tried to prove this to myself but it seems like we were able to get around it.

Perhaps our test (tracert) was not a goods one.

Can you recommend a way to confirm that given our local admin rights on the PC, we won't be able to circumvent the tunneling policy?

When we used Tracerout command, there was no change before and after establishing the tunnel to the enterprise. The internet was accessible both before and after.

Thx