Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Hi All,I am facing an issue whereby traffic suddenly stops passing over a VPN tunnel, even though the tunnel remains up. It appears that encapsulations & decapsulations stop and no one can connect to any endpoints via the tunnel. Performing a 'clear ...
Hi All,A novice when it comes to split tunneling, so I believe this may be a pretty basic question but can't find any info online to validate my thought process.It's quite a complex solution... but basically after a new computer device is provisioned...
Hi,I'd like to know if something is possible...Currently, all traffic goes via the AnyConnect VPN no matter what the destination is. I need to enable split tunneling for a single domain name which will need to go via the local breakout rather than th...
Hi Everyone,
I am currently experiencing the below issue.
I have about 300 clients connected to an SSID and only 20 of them have managed to receive IP's. These are not geographically linked to each other (for instance, 2 people could be standing ...
Hi all,
I seem to be experiencing an issue whereby the subinterface on my router will continually drop when there is no traffic being passed on its associated VLAN. I have done a source ping to bring it back up which was successful, however i would l...
Hi Roel, The issue was identified and fixed for us. We upgraded to version 9.16(4)57. Bug ID CSCwi33817. Completely fixed the issues. In the meantime, you shouldn’t need to reboot to restore the VPNs. Just a ‘clear crypto ikev2 sa’ should do the tric...
So lets say I wanted bbc.co.uk to go out locally but all other traffic via the VPN, I'd need to do the following to enable dynamic split tunnelling with local DNS resolution for excluded addresses:webvpn anyconnect-custom-attr dynamic-split-exclude-...
Thanks for that info.Excuse my ignorance, but what do you mean split tunnel by IP rather than DNS? You're correct in saying that there's one domain name that needs to go out locally.The environment I'm working on is a live one, so just mainly want to...
Ah, thank you! I get it now. So basically if that command wasn't there, it would still drop all packets if they did not match Access-list 100.... kind of like a 'deny all' statement at the end of an ACL like you said.
Thanks again,
Oli
