03-15-2016 12:23 PM - edited 02-21-2020 08:43 PM
Hi,
I found a strange bug with split tunneling on MacOS's AnyConnect VPN Client.
We have a split tunnel configured on the ASA; it has these networks:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
They all appear in 'Secured Routes' while 0.0.0.0/0 is in 'Non-Secured Routes'.
So I have a direct internet connection while connected to the VPN. But at the same time I got another problem:
My LAN is 192.168.1.0, but I see that only the Default GW goes to the local interface; all other IPs are tunneled to the VPN.
It seems that MacOS doesn't have a 'Connected' route with the more specific route 192.168.1.0/24 when I connect to the VPN gateway.
Does this problem have a more accurate solution instead of placing the static route for the LAN?
AnyConnect 4.1
MacOS 10.11.3
03-15-2016 03:33 PM
Do you really need to have a split route of 192.168.0.0/16? That sounds like a blunt way of giving access to internal resources. Creating large split lists like that tends to lead to issues like you have.
03-16-2016 12:15 AM
Philip,
Yes, we have a lot of subnets in 192.168.0.0/16 and cannot put all of them into a split tunnel. I'm just wondering why it doesn't see that there's a more specific local network?