@jasonjensen Initially that's what we thought the issue was, after weeks of testing, we came to the conclusion that YouTube/Google is detecting "bot activity" based on the Secure Access external IP address regardless of whether it's decrypted or not....

The flexconfig bypass only works if you're using an external DNS server which is not viable for us. We've had this issue since our first tunnel was implemented back in February and made Cisco aware of it in March. We are still running into the issue ...