Cisco AnyConnect Split Tunnel Exclude. Still sending traffic over VPN



I am using Cisco AnyConnect as our VPN solution. We are split tunneling and excluding what we do NOT want to go over the VPN. We are doing this multiple ways, including via an ACL with CIDR blocks and also with a custom attribute with domain names. This is working as expected for the most part. However! We are using RingCentral as a VoIP solution. I have added their CIDR blocks to our exclude list and I can see them in my AnyConnect client as well as my local Windows routing table.

If I ping or trace to IPs in RingCentral's CIDR block, the traffic is routed as I would expect it to be. It goes out locally. If I do a PCAP on the ASA while pinging or tracing, it is going out as expected. However, when making a call from the RingCentral app, the traffic is being tunneled back over the VPN. It is almost as if it is ignoring the local routing table and sending it out whatever interface it wants. I opened a case with RC and they say the application should not be doing what I suspect it is doing.

This is a relatively simple config on the Cisco side of things. Has anyone else experienced anything like this? Any suggestions? Thank you kindly.

1 Reply

Can you share pcap?