Anyconnect + ASA split tunneling limitation [information request]

Amen
Level 1

We have the following devices for our company VPNs:

* Concentrator: Cisco Adaptive Security Appliance Software Version 9.8(4)40
* Client: Cisco AnyConnect version 4.9.00086

We have already implemented split tunneling with a couple of subnets that
go through the tunnel and a default route 0/0 that goes to the internet
directly.

We wanted to know if there’s a limitation regarding the number of subnets
that we can configure on the split tunneling policy to go through the VPN.
Nowadays we have only 5 routes but we’ll have to configure about 150
subnets (or more).

We have not found any official documentation regarding this information.

Is there any limitation? If yes, could you please tell us what the limit is, or whether there are any documents in the Cisco Portal?

Thanks

6 Replies

balaji.bandi
Hall of Fame

I do not see any limitation as far as I know.

But look at this thread:

https://community.cisco.com/t5/vpn/asa-anyconnect-restrictions-for-split-tunneling-network-list/td-p/2328881

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks, but I see it's quite old (ASA 5520 firmware version 9.1.1 with SSL VPN AnyConnect, AnyConnect client version 2.5.605), but mine are ASA 9.8(4)40 and AnyConnect 4.9+.

There must be a change now. Do you have some links or formal resources?

Not that I can direct you to. I use the latest 9.14.X and we have many ACLs (like 100+) and do not see that issue; that is the reason I posted that URL for reference.

BB

Thanks for your reply. Did you mean 100 routes/subnets/lines maybe? The question is not how many tunnels we can configure but how many lines in the ACL (routes or subnets to be sent to the VPN connection) can be supported by the client + firewall. I suppose the limitation will come from the client, not the concentrator.

@Amen I've seen no documentation on the limits or recommendations for the number of split-tunnel routes. Can you not summarise the network routes? That would be more efficient than defining 100s of routes in the split-tunnel ACL.
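As an added illustration of the summarisation suggested above (this is not code from the thread or from Cisco), the script below collapses a constructed list of prefixes into the smallest set of exactly equivalent prefixes, verifies that the collapse admitted no address that was not in the original list, and renders the result as ASA standard ACL lines for a split-tunnel network list. The ACL name `SPLIT_TUNNEL_ACL` and the sample prefixes are assumptions for the example; `covering_supernet` shows the opposite, lossy approach so you can quantify how much extra address space a single covering prefix would send through the tunnel.

```python
import ipaddress

# Constructed sample input (not from the thread): eight contiguous /24s, two
# non-adjacent /24s that cannot be merged losslessly, and two adjacent /25s.
SAMPLE_SUBNETS = [
    "10.10.0.0/24", "10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24",
    "10.10.4.0/24", "10.10.5.0/24", "10.10.6.0/24", "10.10.7.0/24",
    "172.16.20.0/24", "172.16.22.0/24",
    "192.168.100.0/25", "192.168.100.128/25",
]


def summarize(prefixes):
    """Collapse prefixes into the fewest exactly equivalent prefixes.

    collapse_addresses only merges adjacent or overlapping networks, so the
    result covers precisely the same addresses as the input.
    """
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    return list(ipaddress.collapse_addresses(nets))


def is_lossless(original, summary):
    """Check that summary covers every original prefix and nothing more.

    Assumes the original prefixes do not overlap each other; if they do,
    the address-count comparison fails conservatively (reports lossy).
    """
    orig = [ipaddress.ip_network(p, strict=True) for p in original]
    covered = all(any(o.subnet_of(s) for s in summary) for o in orig)
    same_size = (sum(o.num_addresses for o in orig)
                 == sum(s.num_addresses for s in summary))
    return covered and same_size


def render_standard_acl(name, summary):
    """Emit ASA standard ACL lines (network + mask) for a split-tunnel list."""
    return [f"access-list {name} standard permit {n.network_address} {n.netmask}"
            for n in summary]


def covering_supernet(prefixes):
    """Smallest single prefix containing all inputs, plus the number of
    addresses it admits that were NOT in the inputs (the lossy alternative)."""
    nets = sorted(ipaddress.ip_network(p, strict=True) for p in prefixes)
    sup = nets[0]
    while not all(n.subnet_of(sup) for n in nets):
        sup = sup.supernet()
    extra = sup.num_addresses - sum(n.num_addresses for n in nets)
    return sup, extra


if __name__ == "__main__":
    summary = summarize(SAMPLE_SUBNETS)
    print(f"{len(SAMPLE_SUBNETS)} prefixes -> {len(summary)} ACL lines, "
          f"lossless={is_lossless(SAMPLE_SUBNETS, summary)}")
    for line in render_standard_acl("SPLIT_TUNNEL_ACL", summary):
        print(line)
    sup, extra = covering_supernet(["172.16.20.0/24", "172.16.22.0/24"])
    print(f"lossy alternative {sup} would add {extra} unintended addresses")
```

The lossless collapse is the one to feed into the ACL; the `covering_supernet` output is the check to run before hand-writing a wider summary, because every address it adds becomes traffic that is steered into the VPN without anyone having decided it should be.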

Amen
Level 1

There are no limitations.

Subnets or prefixes are represented as objects. You can have over 500 objects created.