Beginner

Show split-tunnel routes

Hi,

I'm looking for a show command to display split-tunnel routes sent to the AnyConnect client. We are migrating ACS authentication to ISE and we are going to use one group policy but different split tunnels for various user groups. Split tunnels will be pushed by ISE.

Thank you, Daniel

5 REPLIES
Participant

"Sh vpn-sessiondb detail anyconnect" is the command; you can use the filter option to check for a specific username.

HTH

Abaji.

Beginner

Hi Abaji.

But the command show vpn-sessiondb doesn't show split-tunnel information. You can see only the applied filter list.

Thank you for your response, Daniel

Participant

Hi Daniel,

I believe the split tunnel policy is controlled by the group policy and not by the tunnel group. The command will show you the name of the group policy applied for the session, which can show you the split tunnel configuration. If you are using a different implementation, could you share the design document being referred to?

HTH,

Abaji.

Beginner

Hi Abaji,

So we have one default group policy, and split tunnel information (ACL name) is pushed from ISE as a RADIUS attribute (Cisco-VPN3000:CVPN3000/ASA/PIX7x-IPSec-Split-Tunnel-List). I'm looking for a show command that will show either the subnets or the ACL name that was pushed to the client.

Just for reference: VPN filters are pushed as DACL; this setting can be found in show vpn-sessiondb.

Thanks, Daniel

Participant

Hi Daniel,

It seems that there is no direct show command to see the attribute being pushed on the session; debug radius seems to be the only way to check the attribute pushed for this session.

Regards,

Abaji.