AnyConnect tunnelling traffic to a non-secured destination
Just wondered if anyone in the community has come across an issue with split-tunnelling where AnyConnect continues to tunnel traffic to an excluded destination?
To be clear, the AnyConnect client clearly shows a particular /14 supernet in the non-secured routes section, and a "netstat -r -n" on the machine shows the correct prefix with a gateway as the IP address of the physical Ethernet adapter. However, if I run Wireshark against the virtual adapter I can see traffic matching the supernet being tunnelled and I see it hit the ASA that terminates the VPN. I'm capturing from the correct interface, because it's got the VA IP address and I see other traffic to my corporate LAN RFC1918 ranges. I'm seeing this problem with 4.8.03036 landing on FTD 2140 running ASA 9.8(4)29.
I don't really know how I can troubleshoot this any further without PSS/TAC. Has anyone got any ideas?
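A further check on the "netstat -r -n" output described in the post, as an added example that is not part of the original post: it parses the IPv4 route table, resolves a destination by longest-prefix match, and lists any more-specific routes inside the excluded supernet that point at the virtual adapter. The route table, the 100.64.0.0/14 supernet, the adapter addresses and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of the Windows "netstat -r -n" IPv4 table.
# 192.168.1.50 stands in for the physical adapter, 10.99.0.10 for the VPN VA.
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
         10.0.0.0        255.0.0.0        10.99.0.1      10.99.0.10      2
       100.64.0.0      255.252.0.0      192.168.1.1    192.168.1.50     26
      100.65.20.0    255.255.255.0        10.99.0.1      10.99.0.10      2
"""

def parse_routes(text):
    """Return one dict per IPv4 route row; headers and odd rows are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5:          # header and separator lines do not have 5 fields
            continue
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[1]}")
            iface = ipaddress.ip_address(f[3])
            metric = int(f[4])
        except ValueError:
            continue
        routes.append({"net": net, "gateway": f[2], "iface": iface, "metric": metric})
    return routes

def select_route(routes, dest):
    """Longest prefix wins; the lower metric breaks ties."""
    dest = ipaddress.ip_address(dest)
    hits = [r for r in routes if dest in r["net"]]
    return max(hits, key=lambda r: (r["net"].prefixlen, -r["metric"]), default=None)

def tunnel_overrides(routes, excluded, va_ip):
    """Routes strictly inside the excluded supernet that egress via the VA."""
    excluded = ipaddress.ip_network(excluded)
    va = ipaddress.ip_address(va_ip)
    return [r for r in routes
            if r["iface"] == va and r["net"] != excluded
            and r["net"].subnet_of(excluded)]

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    for dst in ("100.66.1.1", "100.65.20.7"):
        r = select_route(table, dst)
        print(dst, "->", r["net"], "via interface", r["iface"])
    for r in tunnel_overrides(table, "100.64.0.0/14", "10.99.0.10"):
        print("more-specific route via VA:", r["net"])
```

If this returns nothing for the real table, the routing table alone does not account for the tunnelled packets and the capture needs to be compared against something other than route selection.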