
Connecting to local network while connected to VPN

chandra.csp
Level 1

Hi Experts,

I use Cisco AnyConnect VPN 2.5 client software to connect to my work.

I am on Windows 7

I have a networked printer on my local network (192.168.1.x)

When connected to my VPN network (10.x IP with 255.255.224.0 mask) - I lose access to my local network - can't ping even my local router.

I checked the option "Enable Local LAN Access (If configured)" - but no luck.

Question - How can I continue to have access to my local network while I am connected to VPN?

Any help/pointers to help would be greatly appreciated.

Thanks

7 Replies

Hi,

How I've done it is like this:

GUI

1.) Set "Split Tunnel Policy = Exclude Network List Below"

2.) Create an ACL to exclude the known local LAN (e.g. 192.168.0.0/16)

3.) Set "Split Tunnel Network =

CLI

group-policy attributes

split-tunnel-policy excludespecified

split-tunnel-network-list value LOCAL_LAN

access-list LOCAL_LAN remark Allow Local LAN Access

access-list LOCAL_LAN standard permit 192.168.0.0 255.255.0.0

Hope it helps.

Federico.

Hello Federico,

Thanks for the response. I am guessing the information you provided is relevant at the VPN server level. Please note that I am an end-user with no admin privileges. I do not see the options being available to me on the VPN Client software.

Thanks again, for your time and help.

Hi,

Which traffic to send through the tunnel is handled at the server side.

You can check the following on the client:

AnyConnect - Statistics - Details - Under Route Details you should have the non-secured routes and the secured routes.

The secured routes are what you're sending through the tunnel, and the non-secured routes are whatever traffic is exempt from the tunnel (like your local LAN).

If you don't have your LAN in the non-secured routes, it must be configured on the server side.


Federico.
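As an added illustration of the two replies above (not part of the original thread and not Cisco code), this Python sketch parses the split-tunnel CLI lines posted earlier and reports whether a destination would be listed under secured or non-secured routes. The sample addresses, the function names and the `allow_local_lan` parameter (standing in for the client's local LAN access preference) are assumptions made for the example.

```python
import ipaddress

# Constructed input: the CLI lines from the reply above (the group-policy
# name is not shown on the page, so that line is left out).
SAMPLE_CONFIG = """\
split-tunnel-policy excludespecified
split-tunnel-network-list value LOCAL_LAN
access-list LOCAL_LAN remark Allow Local LAN Access
access-list LOCAL_LAN standard permit 192.168.0.0 255.255.0.0
"""

def parse_split_tunnel(config):
    """Return (policy, networks); networks come from the referenced standard ACL."""
    policy, acl_name, acls = "tunnelall", None, {}   # tunnelall is the ASA default
    for line in config.splitlines():
        tok = line.split()
        if len(tok) == 2 and tok[0] == "split-tunnel-policy":
            policy = tok[1]
        elif len(tok) == 3 and tok[:2] == ["split-tunnel-network-list", "value"]:
            acl_name = tok[2]
        elif len(tok) >= 5 and tok[0] == "access-list" and tok[2:4] == ["standard", "permit"]:
            if tok[4] == "any":
                net = "0.0.0.0/0"
            elif tok[4] == "host" and len(tok) >= 6:
                net = tok[5] + "/32"
            elif len(tok) >= 6:
                net = tok[4] + "/" + tok[5]          # address + dotted netmask
            else:
                continue
            acls.setdefault(tok[1], []).append(ipaddress.ip_network(net, strict=False))
    return policy, acls.get(acl_name, [])

def route_for(dest, policy, networks, allow_local_lan=True):
    """Classify a destination as 'secured' (in tunnel) or 'non-secured' (local)."""
    listed = any(ipaddress.ip_address(dest) in n for n in networks)
    if policy == "excludespecified":
        # Split-exclude only takes effect when the client preference is enabled.
        return "non-secured" if listed and allow_local_lan else "secured"
    if policy == "tunnelspecified":
        return "secured" if listed else "non-secured"
    return "secured"                                  # tunnelall: everything is tunneled

if __name__ == "__main__":
    policy, nets = parse_split_tunnel(SAMPLE_CONFIG)
    for dest in ("192.168.1.50", "10.1.2.3"):         # constructed addresses
        print(dest, route_for(dest, policy, nets))
```

With no split-tunnel lines at all, the parser falls back to `tunnelall` and every destination is secured, which matches a client whose non-secured routes list is blank.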

Hello Federico,

Thanks for the response. Looks like I am pretty much stuck with this issue then, since I am not sure my work would allow non-secured addresses. I checked the "route details" and see that non-secured routes is blank and there is no option to update/edit it. Thanks for all your help and time with this... I wish and hope there is some kind of option (like setting up static routes etc.) to get over this problem. Any thoughts?

Thanks

Try this:

Split-exclude tunneling requires that you enable AllowLocalLanAccess in the AnyConnect Client. All split-exclude tunneling is regarded as local LAN access. In order to use the exclude feature of split-tunneling, you must enable the AllowLocalLanAccess preference in the AnyConnect VPN Client preferences. By default, local LAN access is disabled. This behavior is different from that of AnyConnect Client Release 2.2.

In order to allow local LAN access, and therefore split-exclude tunneling, a network administrator can enable it in the profile, or users can enable it in their preferences settings. In order to allow local LAN access, a user selects the Allow Local LAN access check box if split-tunneling is enabled on the secure gateway and is configured with the split-tunnel-policy exclude specified policy. Refer to Usage Notes for AnyConnect VPN Client Release 2.3 for more information. In addition, you can configure VPN Client Profile if local lan access is allowed with true.

Got it from this link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702992.shtml#dsfg

Federico.

Hello Federico,

From the information you included:

>>>if split-tunneling is enabled on the secure gateway and is configured with the split-tunnel-policy exclude specified policy

As mentioned previously, I enabled the option, but it doesn't make a difference, which makes me believe that at the VPN server/gateway level, this option is not enabled or there are settings in place, which prevents me from connecting to local network. This really disappoints me. I will try to contact our help desk to see if they would allow such settings, but I am not really optimistic about this. The problem is, I now have to disconnect from and reconnect to VPN each time I need to print; also, I am not able to access my network resources (shares etc.).

Thanks again,

If it does not work, it most likely is not enabled on the server side, that's correct.

Federico.