How to configure AnyConnect to choose between split-tunnel or tunnel-all profiles?

steve32881
Level 1

Hi,

I currently have a split-tunnel VPN and it's working just fine. Now I would like to offer the possibility for users to select a "tunnel-all" profile when connecting to their VPN.

I did some research and found that I can create multiple tunnel-groups and group-policies, one of which will have the split-tunnel-policy as tunnel-all.

So am I safe to assume that all I need is to create a new tunnel-group and matching group policy? I pasted below what I intend to use.

Existing CONFIG
 
tunnel-group ANYCONNECT-PROFILE type remote-access
tunnel-group ANYCONNECT-PROFILE general-attributes
 address-pool ANYCONNECT-POOL
 default-group-policy GroupPolicy_ANYCONNECT-POLICY
 password-management password-expire-in-days 7
tunnel-group ANYCONNECT-PROFILE webvpn-attributes
 group-alias ANYCONNECT-PROFILE enable

group-policy GroupPolicy_ANYCONNECT-POLICY internal
group-policy GroupPolicy_ANYCONNECT-POLICY attributes
 wins-server none
 dns-server value 1.1.1.1 8.8.8.8
 vpn-tunnel-protocol l2tp-ipsec ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 webvpn
  anyconnect keep-installer installed
  anyconnect dpd-interval client 30
  anyconnect ask none default anyconnect
 
_________________________________________________________
 
CONFIG to add
 
tunnel-group ANYCONNECT-FULL type remote-access
tunnel-group ANYCONNECT-FULL general-attributes
 address-pool ANYCONNECT-POOL
 default-group-policy GroupPolicy_ANYCONNECT-FULL
 password-management password-expire-in-days 7
tunnel-group ANYCONNECT-FULL webvpn-attributes
 group-alias ANYCONNECT-FULL enable

group-policy GroupPolicy_ANYCONNECT-FULL internal
group-policy GroupPolicy_ANYCONNECT-FULL attributes
 wins-server none
 dns-server value 1.1.1.1 8.8.8.8
 vpn-tunnel-protocol l2tp-ipsec ssl-client
 split-tunnel-policy tunnelall
 webvpn
  anyconnect keep-installer installed
  anyconnect dpd-interval client 30
  anyconnect ask none default anyconnect


1 Accepted Solution

Marvin Rhoads
Hall of Fame

Yes - your understanding is correct. With what you have proposed, users will be able to select which profile to use from a drop-down list when they connect.

Thanks for looking into it and confirming =]

..

tunnel-group-list enable <- only this command missing from config.
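
The gap named in the last reply can be checked mechanically. As an added example (not part of the original thread and not Cisco tooling), this Python audit maps each connection alias in an ASA config text to its tunnelling mode and flags a missing `tunnel-group-list enable`; the function name `audit`, the sample text and the finding wording are assumptions made for this example.

```python
import re

# Constructed sample: a trimmed copy of the configuration posted in this thread.
SAMPLE = """\
tunnel-group ANYCONNECT-PROFILE general-attributes
default-group-policy GroupPolicy_ANYCONNECT-POLICY
tunnel-group ANYCONNECT-PROFILE webvpn-attributes
group-alias ANYCONNECT-PROFILE enable
tunnel-group ANYCONNECT-FULL general-attributes
default-group-policy GroupPolicy_ANYCONNECT-FULL
tunnel-group ANYCONNECT-FULL webvpn-attributes
group-alias ANYCONNECT-FULL enable
group-policy GroupPolicy_ANYCONNECT-POLICY attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SPLIT-TUNNEL
group-policy GroupPolicy_ANYCONNECT-FULL attributes
split-tunnel-policy tunnelall
"""

SECTION = re.compile(r"(tunnel-group|group-policy) (\S+) (?:general-|webvpn-)?attributes$")
SETTINGS = {  # key stored on the enclosing section -> sub-command pattern
    "policy": re.compile(r"default-group-policy (\S+)$"),
    "alias": re.compile(r"group-alias (\S+) enable$"),
    "split": re.compile(r"split-tunnel-policy (\S+)$"),
    "acl": re.compile(r"split-tunnel-network-list value (\S+)$"),
}

def audit(config):
    """Return ({alias: tunnelling mode}, [findings]) for an ASA config text."""
    sections = {"tunnel-group": {}, "group-policy": {}}
    lines = [l.strip() for l in config.splitlines()]  # pasted configs may lack indentation
    ctx = {}  # settings seen before any section header are discarded
    for line in lines:
        if m := SECTION.match(line):
            ctx = sections[m[1]].setdefault(m[2], {})
        for key, pat in SETTINGS.items():
            if m := pat.match(line):
                ctx[key] = m[1]
    modes, findings = {}, []
    for name, tg in sections["tunnel-group"].items():
        gp = sections["group-policy"].get(tg.get("policy"))
        modes[tg.get("alias", name)] = (gp or {}).get("split", "inherited")
        if gp is None:
            findings.append(f"{name}: group-policy {tg.get('policy')} not defined")
        elif gp.get("split") == "tunnelspecified" and "acl" not in gp:
            findings.append(f"{name}: tunnelspecified without a network list")
    aliased = any("alias" in tg for tg in sections["tunnel-group"].values())
    if aliased and "tunnel-group-list enable" not in lines:
        findings.append("group-alias set but 'tunnel-group-list enable' is missing")
    return modes, findings
```

Calling `audit(SAMPLE)` reports one finding, the missing `tunnel-group-list enable`; a mode of `inherited` means the group-policy sets no `split-tunnel-policy` of its own.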