When configuring split tunnel on the ASA an ACL must be configured to filter which subnets will be allowed over the VPN tunnel, this is ok when internal networks are RFC 1918 compliant, however in some cases i have seen companies using public ip addressing internally that is not owned by the company, this causes IP overlapping when deploying split tunnel VPNs.
In order to overcome this issues, there is a feature called Dynamic Split Include Tunneling which is configured as a Anyconnect custom attribute and uses FQDN instead of IP when filtering the traffic that goes over the VPN.
I am wondering if split tunnel can be configured using only anyconnect custom attributes or if IP subnetworks still need to be defined on the split tunnel section in group policies?
Je suis dans le même cas. Je n'arrive pas à mettre en place le Dynamic Split incluse via l'ASDM via l'ASA. Malgré avoir rajouté les attributs names dans la group policy et de rajouter une ACL standard, il est indiqué NONE dans la partie statisic Annyconnect pour Dynamic Split inclusion
Aucun problème par contre pour le Dynamic Split excude. Cela fonctionne.
Quelqu'un peut il m'aider svp je m'attache les cheveux !!!
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...
Cyberattacks are more sophisticated than ever and your online presence has never been more critical to the success of your business. Cisco, through its OEM partnership with Radware, can help secure your digital future by continuously monitoring...