ASA Anyconnect restrictions for Split Tunneling Network List

asalanov1987
Level 1

Hello,

I have a question. We use a Cisco ASA 5520, firmware version 9.1.1, with SSL VPN Anyconnect set up (Anyconnect client version 2.5.605).

We use a large Split Tunneling access-list with 200 ACE entries.

If I add more than 200 entries to the access-list and then connect to the VPN, we see that only 200 entries have been added to the route table.

So, my question is: is there a limit for the Split Tunneling ACL when using the Anyconnect client?

Thanks,

Accepted Solutions

Jeet Kumar
Cisco Employee

Hi,

This is very well documented in an internal bug at Cisco. Unfortunately, as it
is internal, I will not be able to share it with you.

The only workaround available as of now is to combine your networks and make
the list as small as possible, covering all the required networks you need,
so that it is less than or equal to 200.

Thanks

Jeet Kumar

4 Replies

Michael Muenz
Level 5

I'd try to contact Cisco directly for such a Q, but it would be better to summarize networks for saving entries.

Michael

Please rate all helpful posts
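
The workaround both replies describe (summarizing networks so the split-tunnel list stays at or under 200 entries), as an added example that is not part of the original posts and is not Cisco code. It parses standard ACL permit lines and merges only adjacent or overlapping networks, so the summarized list routes exactly the same addresses into the tunnel as the original; the ACL name `SPLIT_TUNNEL`, the sample networks and the function names are assumptions.

```python
import ipaddress

SPLIT_TUNNEL_LIMIT = 200  # number of entries the thread reports reaching the client

# Constructed sample: the ACL name and every network below are made up.
SAMPLE_ACL = """\
access-list SPLIT_TUNNEL remark constructed sample
access-list SPLIT_TUNNEL standard permit 10.1.0.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.1.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 10.1.2.0 255.255.254.0
access-list SPLIT_TUNNEL standard permit 10.1.2.128 255.255.255.128
access-list SPLIT_TUNNEL standard permit host 192.168.50.10
access-list SPLIT_TUNNEL standard permit host 192.168.50.11
access-list SPLIT_TUNNEL standard permit 172.16.8.0 255.255.255.0
"""

def parse_permits(acl_text):
    """Return the networks permitted by the standard ACL lines in acl_text."""
    nets = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] != "standard":
            continue  # remarks, blank lines, anything that is not a standard ACE
        if tok[3] != "permit" or len(tok) != 6:
            raise ValueError(f"entry not handled by this example: {line!r}")
        spec = f"{tok[5]}/32" if tok[4] == "host" else f"{tok[4]}/{tok[5]}"
        nets.append(ipaddress.ip_network(spec))  # rejects entries with host bits set
    return nets

def summarize(acl_text):
    """Merge adjacent and overlapping networks without covering any new address."""
    return list(ipaddress.collapse_addresses(parse_permits(acl_text)))

def render(name, nets):
    """Write the networks back out as standard ACL permit lines."""
    return [
        f"access-list {name} standard permit host {n.network_address}"
        if n.prefixlen == 32
        else f"access-list {name} standard permit {n.network_address} {n.netmask}"
        for n in nets
    ]

if __name__ == "__main__":
    before, after = parse_permits(SAMPLE_ACL), summarize(SAMPLE_ACL)
    print(f"{len(before)} entries -> {len(after)} (limit {SPLIT_TUNNEL_LIMIT})")
    print("\n".join(render("SPLIT_TUNNEL", after)))
    if len(after) > SPLIT_TUNNEL_LIMIT:
        print("still over the limit: further merging means widening the tunnel")
```

If the exact summary is still over the limit, any further reduction requires supernets that cover addresses the original list did not, which sends more client traffic through the VPN and should be reviewed as an access change.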

Hello,

Thank you for your response. We will take this into account in our work.

Are there any plans to fix this bug in the new ASA release?

Has this bug been resolved or changed?

I am currently experiencing possible issues with split tunnelling Office365 and MS Teams.

The Standard ACL has 120 lines but AnyConnect only shows 112.

Also the ACL for the Firewall is over 120 lines but showing less on AnyConnect.