AnyConnect Split Tunneling issue with STUN traffic

Hi guys,

I'm experiencing a curious behaviour with AnyConnect split-tunneling.

In my setup, split-tunneling (split-exclude) is working perfectly fine for all FQDNs and subnets defined in the split ACL except for 2 subnets linked to Google Hangouts/Meet.

Reverse routes are correctly pushed on the Windows 10 computer but traffic still goes through the VPN. On our front-end firewall we see that traffic as the 'STUN' application.

By filtering this type of traffic on our front-end firewall, we see the first packets being denied in the logs and then traffic is correctly split-tunneled at home as expected (Google Meet switches to port 443 because STUN is now blocked).

I looked at some readings to know more about the STUN protocol, but to my understanding any traffic defined in the split-exclude ACL should exit at the user's home internet connection, whatever the port used.

Does someone know what is causing this behaviour?

Thanks,

Sylvain.
