11-01-2018 10:12 AM
I have a FlexVPN solution, so AnyConnect will use IKEv2:
crypto ikev2 authorization policy xxxxx
 pool xxxxx
 dns xxxxx
 netmask 255.255.255.220
 include-local-lan
 aaa attribute list isakmpxxxxprofile
 route set access-list xxxx-access-list
ip access-list standard xxxx-access-list
 permit 0.0.0.0 127.255.255.255
 permit 128.0.0.0 127.255.255.255
The problem is my users cannot access their home printers and other local LAN devices. Is there a way to tunnel all traffic but still give them access to their local LAN devices?
11-04-2018 08:41 PM
Hello Mmercaldieze,
I hope you are doing great. Your config seems OK, though the problem is that with this ACL, which is for split tunnel, you are announcing most of the IP addresses. You could try adding a deny on top of the ACL for the printers' IPs, though it might not be a completely supported scenario:
ip access-list standard xxxx-access-list
 deny 172.16.1.15 0.0.0.0 -- Example of printers IP address
 permit 0.0.0.0 127.255.255.255
 permit 128.0.0.0 127.255.255.255
Or proceed with allowing a specific range of subnets and excluding the printer's address.
Keep me posted,
Please qualify all of the helpful answers!
David Castro,
11-13-2018 01:00 PM
So that does not work on FlexVPN. If I put in a deny statement, the ACL stops on the deny statement, meaning it will not read 0.0.0.0/1 and 128.0.0.0/1.
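Added example, not part of any post in this thread: the two permit lines from the route-set ACL above, converted from address/wildcard form to prefixes, to show that together they cover the entire IPv4 space, so every home-LAN address falls inside the tunneled set. The printer address 192.168.1.50 and all function names are constructed for illustration.

```python
import ipaddress

# Permit entries copied from the ACL in the thread: (action, address, wildcard)
ACL = [
    ("permit", "0.0.0.0", "127.255.255.255"),
    ("permit", "128.0.0.0", "127.255.255.255"),
]

def wildcard_to_network(address, wildcard):
    """Convert an IOS address/wildcard pair into an IPv4Network.
    Only contiguous wildcards (0 bits followed by 1 bits) map to a prefix."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    prefix_len = 32 - wc.bit_length()
    base = int(ipaddress.IPv4Address(address)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, prefix_len))

def tunneled_prefixes(acl):
    """Prefixes that the permit entries describe."""
    return [wildcard_to_network(a, w) for action, a, w in acl if action == "permit"]

def is_tunneled(host, prefixes):
    """True if the host address falls inside any tunneled prefix."""
    ip = ipaddress.ip_address(host)
    return any(ip in p for p in prefixes)

def uncovered(prefixes):
    """IPv4 space left outside the given prefixes (empty list = full tunnel)."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for p in prefixes:
        nxt = []
        for r in remaining:
            if p.subnet_of(r):
                nxt.extend(r.address_exclude(p))  # carve p out of r
            elif not r.subnet_of(p):
                nxt.append(r)                     # r untouched by p
        remaining = nxt
    return sorted(remaining)

if __name__ == "__main__":
    prefixes = tunneled_prefixes(ACL)
    print("tunneled:", [str(p) for p in prefixes])
    print("left outside the tunnel:", [str(n) for n in uncovered(prefixes)])
    # Constructed home-LAN printer address
    print("192.168.1.50 tunneled:", is_tunneled("192.168.1.50", prefixes))
```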