Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1053
Views
10
Helpful
3
Replies

Override split vpn setting for Anyconnect on local machine

Go to solution
frank_chang
Level 1
Level 1

‎03-14-2017 09:11 PM - edited ‎02-21-2020 09:11 PM

Hi there,

My company deployed Cisco ASA and AnyConnect as remote access solution with split vpn setting so only traffic to Intranet resource will pass through the tunnel while Internet access still via local broadband.

I wonder if there's anyway I can modify some local setting on AnyConnect so I can route all traffic via the tunnel to Intranet first, then for Internet traffic it can utilize corporate proxy to go out again.

I tried to change default route on DOS prompt when VPN's up but seems not work.

Any suggestion on this?

Thanks

Frank

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2017 11:15 PM

No you cannot do that from the client PC. It has to be done at the ASA. Otherwise it would enable end users to choose security policy independent of what the organization has mandated.

The ASA admin can make multiple profiles so that the user can choose between one type or another - or require certain users to use split VPN and others to not do so.

View solution in original post

3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-14-2017 11:15 PM

No you cannot do that from the client PC. It has to be done at the ASA. Otherwise it would enable end users to choose security policy independent of what the organization has mandated.

The ASA admin can make multiple profiles so that the user can choose between one type or another - or require certain users to use split VPN and others to not do so.

Go to solution
frank_chang
Level 1
Level 1
In response to Marvin Rhoads

‎03-14-2017 11:15 PM

Hi Marvin,

Thanks for the reply.

Understood, it fully makes sense that user shouldn't be able to override the corporate policy, otherwise there'll be severe potential risk. Just wonder if there's any workaround. So seems no.

Thanks again.

Frank

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame
In response to frank_chang

‎03-15-2017 01:15 AM

You're welcome. Please mark your question as answered if it has been.

p.s. I have seen one "workaround - if you can call it that - run the VPN from within a VM on the client PC. Something like Windows running in VMware workstation on a Windows PC.

Obviously it's not for the everyday user, but we use this in lab or training environments sometimes to do demonstrations while not losing the ability to see what's going on from the point of view of the demo PC.

Customers Also Viewed These Support Documents