Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
961
Views
0
Helpful
2
Replies

How to configure two AnyConnect (ikev2) profiles, one with split-tunneling, one w/o split tunneling

1pdemharter
Level 1
Level 1

‎01-26-2021 09:53 AM - edited ‎01-26-2021 09:54 AM

Hi,
 
I plan to migrate from mac/cisco client (ikev1 vpn dial-in ASA5506-X) onto Cisco Anyconnect client ikev2 vpn dial-in. In the past I did all configuration on CLI. I did some reading and I think some things are quite different using AnyConnect and ikev2 vpn dial in (not ssl only!). So I plan use ASDM and I'm really new here.
My question now:
How to create different Anyconnect/Group profiles?

I want to configure to ASA 5506-x with two Anyconnect  profiles for the user, one with split tunnelling enabled and one without (all traffic had to go through the tunnel and INTERNET connection should go via Tunnel to ASA and from here outside to the Internet.  With ikev2 and Anyconnect my first idea was to use two different connection profiles by using each one with a modified default policies. But after some reading, I thing I need two different, a second group policy?

So how do I configure the ASA/Anyconnect client, so that the users can choose to use the profile with split tunnelling or w/o split tunneling (all traffic through to tunnel and back via outside int to the INTERNET?

Is there a link showing how to configure it with asdm (I only found using something changing ASA default no split tunnel to split tunnel by changing the default group policy)

Do I use the default policies with no split tunnel and configure new group policy with split tunneling enabled? So I can connect to the user profile? Can I copy and modify the defgrouppolicy with asdm?

My thx

Pete

0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎01-26-2021 07:01 PM

You need to create Profiles for each

 

here is example split tunnel :

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/119006-configure-anyconnect-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

1pdemharter
Level 1
Level 1
In response to balaji.bandi

‎01-27-2021 02:33 AM

Hi,

 

thx, yes further investigations shows this. I create one with ASDM and copied it on CLI to modify it.

 

Peter

0 Helpful
Customers Also Viewed These Support Documents