Beginner

AnyConnect Dynamic Split Include Tunneling

Hi,

When configuring split tunnel on the ASA, an ACL must be configured to filter which subnets will be allowed over the VPN tunnel. This is OK when internal networks are RFC 1918 compliant; however, in some cases I have seen companies using public IP addressing internally that is not owned by the company, which causes IP overlapping when deploying split tunnel VPNs.

In order to overcome this issue, there is a feature called Dynamic Split Include Tunneling, which is configured as an AnyConnect custom attribute and uses FQDN instead of IP when filtering the traffic that goes over the VPN.

I am wondering if split tunnel can be configured using only AnyConnect custom attributes, or if IP subnetworks still need to be defined in the split tunnel section in group policies?

TIA

2 REPLIES
VIP Advocate

I dug into this but could not find the answer you are looking for, but I found this link that might help you out: https://woland.com/2020/03/30/dynamic-split-tunneling-a-covid-19-best-practice/

Please do not forget to rate.
Beginner

Hello,

I am in the same situation. I cannot get Dynamic Split Include set up through ASDM on the ASA. Despite having added the attribute names in the group policy and added a standard ACL, NONE is shown in the AnyConnect statistics section for Dynamic Split Inclusion.

On the other hand, there is no problem with Dynamic Split Exclude. That works.

Can someone help me please? I am tearing my hair out!!!

Thanks again