First of all we use split-tunneling for only corporate or vendor internet sites. So we dont VPN ALL traffic thru corporate Cisco ASA. And that is fair as we have BYOD policy and client may have other applications which consume internet traffic and we...
As far as I understand, the DACL (Downloadable Access Control List) is a crucial component pushed from Cisco ISE to the ASA. It dynamically appears on the Cisco ASA and is specifically assigned to AnyConnect users: access-list #ACSACL#-IP-DACL_...Me...
Im looking for the same solution, how to integrate Dynamic Split-Tunneling with DACL from Cisco ISE. Is there way to have DACL dynamically changed based on Dynamic Split-Tunneling?I see that the simplest option would be to use "permit any any" in the...