I am trying figure out if it is possible at all to apply "split tunneling" based on dynamic access policy result.
Lets imagine situation where:
1. Cisco Secure Desktop pre-login policy is applied.
2. Based on CSD result the dynamic access policy can enforce specific access list.
I woule like also based on Cisco Secure Desktop result assign or not assign split tunneling to particular users.
Split tunneling is the attribute in group-policy.
DAP can overwirte some attribute in group-policy but as far as I know, it could not do anything with split-tunneling.
If you would like to control the access, you can set ACL filter in DAP.
This is the point of problem.
I need assign user to group-policy based on results of Cisco Secure Desktop pre-check.
I thought i can achieve this by DAP but it seems DAP has limited functionality and as you mentioned can overwite only selected atributes.
Do you have another idea how to assing Split Tunneling atribute dynamicaly based on Cisco Secure Desktop result ?
General idea is assing split tunneling ON when user meets security criteria and assign split tunneling OFF when user doesnt meet security criteria.
I don't see any workaround for this so far.
This feature has been requested in the following bug but unfortunately it is not fixed yet.