03-15-2016 12:23 PM - edited 02-21-2020 08:43 PM
Hi,
I found a strange bug with split tunneling on the macOS AnyConnect VPN client.
We have a split tunnel configured on the ASA; it has these networks:
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
They all appear in 'Secured Routes' while 0.0.0.0/0 is in 'Non-Secured Routes'.
So I have a direct internet connection while connected to the VPN. But at the same time I got another problem:
My LAN is 192.168.1.0 but I see that only the default GW goes to the local interface; all other IPs are tunneled to the VPN.
It seems that macOS doesn't have a 'Connected' route with the more specific route 192.168.1.0/24 when I connect to the VPN gateway.
Does this problem have a more accurate solution than placing a static route for the LAN?
AnyConnect 4.1
MacOS 10.11.3
03-15-2016 03:33 PM
Do you really need to have a split route of 192.168.0.0/16? That sounds like a blunt way of giving access to internal resources. Creating large split lists like that tends to lead to issues like you have.
03-16-2016 12:15 AM
Philip,
Yes, we have a lot of subnets in 192.168.0.0/16 and cannot put all of them into a split tunnel. I'm just wondering why it doesn't see that there's a more specific local network?
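Added example, not part of the original thread: a Python sketch using the networks quoted in the first post. It shows that hosts on 192.168.1.0/24 follow the 192.168.0.0/16 secured route when no more specific connected route is present, and what the split-tunnel list looks like with that /24 carved out. The function names are hypothetical, and the lookup is plain longest-prefix match, not AnyConnect's own logic.

```python
import ipaddress

# Values quoted in the first post: the ASA split-tunnel list and the poster's LAN.
SECURED_ROUTES = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
LOCAL_LAN = "192.168.1.0/24"


def find_overlaps(secured, local_lan):
    """Return the secured routes that overlap the local LAN."""
    lan = ipaddress.ip_network(local_lan)
    return [s for s in secured if ipaddress.ip_network(s).overlaps(lan)]


def route_for(dest, secured, local_lan=None):
    """Longest-prefix match over secured routes plus an optional connected route.

    Returns (kind, prefix) where kind is "tunnel", "local" or "default".
    """
    addr = ipaddress.ip_address(dest)
    candidates = [(ipaddress.ip_network(s), "tunnel") for s in secured]
    if local_lan is not None:
        candidates.append((ipaddress.ip_network(local_lan), "local"))
    matches = [(net, kind) for net, kind in candidates if addr in net]
    if not matches:
        return ("default", None)
    net, kind = max(matches, key=lambda m: m[0].prefixlen)
    return (kind, str(net))


def carve_out(secured, local_lan):
    """Secured-route list with the local LAN removed from any entry containing it."""
    lan = ipaddress.ip_network(local_lan)
    result = []
    for s in secured:
        net = ipaddress.ip_network(s)
        if net.subnet_of(lan):
            continue  # entry lies entirely inside the LAN: drop it
        elif lan.subnet_of(net):
            result.extend(sorted(net.address_exclude(lan)))
        else:
            result.append(net)
    return [str(n) for n in result]


if __name__ == "__main__":
    print("overlapping entries:", find_overlaps(SECURED_ROUTES, LOCAL_LAN))
    print("no connected route :", route_for("192.168.1.50", SECURED_ROUTES))
    print("with connected /24 :", route_for("192.168.1.50", SECURED_ROUTES, LOCAL_LAN))
    print("carved-out list    :", carve_out(SECURED_ROUTES, LOCAL_LAN))
```
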