Show split-tunnel routes

Daniel Firak
Level 1

Hi,

I'm looking for a show command to display split-tunnel routes sent to the AnyConnect client. We are migrating ACS authentication to ISE and we are going to use one group policy but different split tunnels for various user groups. Split-tunnels will be pushed by ISE.

Thank you, Daniel

5 Replies

Abaji Rawool
Level 3

"Sh vpn-sessiondb detail anyconnect" is the command; you can use the filter option to check for a specific username.

HTH

Abaji.

Hi Abaji.

But the command show vpn-sessiondb doesn't show split-tunnel information. You can see only the applied filter list.

Thank you for your response, Daniel

Hi Daniel,

I believe the split tunnel policy is controlled by Group-policy and not by tunnel group. The command will show you the name of the group-policy applied for the session, which can show you the split tunnel configuration. If you are using any different implementation, could you share the design document being referred to?

HTH,

Abaji.

Hi Abaji,

So we have one default group policy and split tunnel information (ACL name) is pushed from ISE as a RADIUS attribute (Cisco-VPN3000:CVPN3000/ASA/PIX7x-IPSec-Split-Tunnel-List). I'm looking for a show command that will show either the subnets or the ACL name that was pushed to the client.

Just for reference: VPN filters are pushed as DACL; this setting can be found in show vpn-sessiondb.

Thanks, Daniel

Hi Daniel,

It seems that there is no direct show command to see the attribute being pushed on the session; debug radius seems to be the only way to check the attribute pushed for this session.

Regards,

Abaji.
