AnyConnect Remote-Access VPN using Split-Tunnel-Policy = tunnelspecified

whistleblower14
Level 1

Hi all,

I've a question regarding an ACL used for a split-tunnel policy... Is it normal behavior that these ACL entries show NO hitcount when using the show access-list command? Everything is working fine and I can also see the configured networks in the AnyConnect Route-Details!
 
Accepted Solutions

The split tunnel ACL is just used to identify the subnets, which is pushed to the AnyConnect client. I would not expect any hitcounts as this ACL is not being processed like an interface ACL.

4 Replies

balaji.bandi
Hall of Fame

Depends on how you configured it, but what kind of logs are you looking for or expecting?

 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100936-asa8x-split-tunnel-anyconnect-config.html

BB

I'd like to know/understand why I've no hitcounts on the ACL statements like I have for e.g. an ACL bound to an interface.


@Rob Ingram wrote:
The split tunnel ACL is just used to identify the subnets, which is pushed to the AnyConnect client. I would not expect any hitcounts as this ACL is not being processed like an interface ACL.

@Rob Ingram thank you very much - with this simple sentence you opened my eyes :) and probably steered me in the right direction!

I've additionally set a VPN-Filter ACL and here I can see the hitcounts!

 

thanks once again - cheers
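
The two ACL roles discussed in this thread, side by side, as an added ASA configuration example that is not taken from any poster's device. The ACL names, the group-policy name, the internal network 10.20.0.0/16 and the AnyConnect pool 192.168.50.0/24 are all assumed placeholders.

```cisco
! Constructed example: every name and address below is a placeholder.
! Internal network: 10.20.0.0/16    AnyConnect address pool: 192.168.50.0/24

! Split-tunnel list: identifies the subnets pushed to the AnyConnect client
! as secured routes. As the accepted answer says, it is not processed like an
! interface ACL, so no hit counts are expected on these entries.
access-list SPLIT-TUNNEL-ACL standard permit 10.20.0.0 255.255.0.0

! VPN filter: matched against the tunnelled traffic itself, so its entries
! accumulate hit counts. Entries are written with the remote side (the VPN
! pool) as source and the internal hosts as destination.
access-list VPN-FILTER-ACL extended permit tcp 192.168.50.0 255.255.255.0 10.20.1.0 255.255.255.0 eq 443
access-list VPN-FILTER-ACL extended deny ip any any log

group-policy GP-ANYCONNECT internal
group-policy GP-ANYCONNECT attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-ACL
 vpn-filter value VPN-FILTER-ACL

! Verification, run from privileged EXEC after a client has connected and
! sent traffic: compare the hitcnt values of the two lists.
show access-list SPLIT-TUNNEL-ACL
show access-list VPN-FILTER-ACL
```

The split-tunnel list decides what the client routes into the tunnel; restricting what a connected user may reach is the job of the VPN filter, which is also the list whose counters can be used for auditing.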