Hi,
Recently we added zScaler IPs to our existing Local LAN Access ACL. The idea was that, since this ACL is a split-tunnel exclude, it would exclude the zScaler IPs as well. This way RAVPN users would have their HTTP/S traffic protected by the cloud proxy, which would lower the load on the FTD edge firewall we use to provide AnyConnect VPN to users.
Unfortunately, the zScaler traffic was excluded from the tunnel, but users lost Local LAN Access, even though the ACL still has the following line and this should be allowed; instead, all local traffic is directed into the VPN tunnel. (We tried moving the host 0.0.0.0 entry to the top and to the bottom of the ACL, but nothing changed.)
It would be nice if anyone has an idea whether this is simply not permitted; that way I can stop searching the internet.