
AnyConnect on MacOS split tunneling issue

Ilya Geraskin
Level 1

Hi,

I found a strange bug with split tunneling on MacOS's AnyConnect VPN Client.

We have a split tunnel configured on the ASA, it has networks: 

192.168.0.0/16

172.16.0.0/12

10.0.0.0/8

They all appear in 'Secured Routes' while 0.0.0.0/0 is in 'Non-Secured Routes'.

So I have a direct internet connection while connected to the VPN. But at the same time I got another problem:

My LAN is 192.168.1.0 but I see that only Default GW goes to the local interface, all other IPs are tunneled to VPN.

It seems that MacOS doesn't have a 'Connected' route with the more specific route 192.168.1.0/24 when I connect to the VPN gateway.

Does this problem have a more accurate solution than placing a static route for the LAN?

AnyConnect 4.1

MacOS 10.11.3

2 Replies

Philip D'Ath
VIP Alumni

Do you really need to have a split route of 192.168.0.0/16?  That sounds like a blunt way of giving access to internal resources.  Creating large split lists like that tends to lead to issues like you have.

Philip,

Yes, we have a lot of subnets in 192.168.0.0/16 and cannot put all of them into a split tunnel. I'm just wondering why it doesn't see that there's a more specific local network?
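
The routing symptom described in this thread, modelled as an added example (not code from any poster, and not AnyConnect's own logic): a longest-prefix-match lookup over the three secured routes, with and without a connected 192.168.1.0/24 route. The gateway address 192.168.1.1, the interface labels `en0`/`utun0` and the sample destinations are assumptions.

```python
import ipaddress

# Secured (tunneled) routes and the LAN, as listed in the thread.
SECURED = ["192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"]
LAN = "192.168.1.0/24"
GATEWAY = "192.168.1.1"             # assumed: the post does not give the gateway address
LOCAL_IF, VPN_IF = "en0", "utun0"   # hypothetical interface labels


def build_table(with_connected_route):
    """Route table as (network, interface) pairs."""
    net = ipaddress.ip_network
    table = [(net(p), VPN_IF) for p in SECURED]
    table.append((net("0.0.0.0/0"), LOCAL_IF))        # non-secured default route
    table.append((net(GATEWAY + "/32"), LOCAL_IF))    # host route to the default gateway
    if with_connected_route:
        table.append((net(LAN), LOCAL_IF))            # connected /24 for the LAN
    return table


def egress(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, ifc) for n, ifc in table if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def shadowed_local_nets(local_nets, secured=SECURED):
    """Local subnets that sit inside a tunneled prefix (candidates for this symptom)."""
    net = ipaddress.ip_network
    return [(l, s) for l in local_nets for s in secured if net(l).subnet_of(net(s))]


if __name__ == "__main__":
    # Constructed sample destinations: gateway, LAN host, remote 192.168.x host, internet host.
    samples = ("192.168.1.1", "192.168.1.50", "192.168.2.10", "203.0.113.10")
    for label, table in (("without connected /24", build_table(False)),
                         ("with connected /24", build_table(True))):
        for dst in samples:
            print(f"{label:22} {dst:14} -> {egress(table, dst)}")
    print("local subnets inside a secured route:", shadowed_local_nets([LAN]))
```

Running `shadowed_local_nets` against a client's actual interface subnets shows in advance which home or office LANs a broad split-include list such as 192.168.0.0/16 will cover.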
