
Remote Access VPN with Split tunnel

imanv
Level 1

I want to know: is it possible to change the Split Tunnel access-list using ISE?

I mean the remote client first connects with a limited split tunnel access list and, after successful authentication and authorization in ISE, a new split tunnel is set.


@imanv yes, from ISE you can dynamically apply a group policy to the user; the group policy would define the split tunnel.


The name defined in ISE must match the name of the group policy on the ASA.

group-policy GP-1 attributes
 split-tunnel-network-list value SPLIT_ACL

Or you can use the "CVPN3000-IPSec-Split-Tunnel-List" and "CVPN3000-IPSec-Split-Tunneling-Policy" attribute value pairs. Reference: https://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/3.3/user/guide/ad.html
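
A fuller ASA-side sketch of the group-policy approach in the reply above, added here as an example and not part of the original post or of Cisco's documentation. GP-1 and SPLIT_ACL come from the reply; GP-LIMITED, LIMITED_ACL, the ISE server group, the RA-VPN tunnel group and all addresses are constructed placeholders, and it assumes ISE returns the group policy name in the RADIUS Class attribute (IETF 25).

```cisco
! Constructed sample networks: replace with the real protected subnets.
! A standard ACL used for split tunneling lists the networks sent INTO the tunnel.
access-list LIMITED_ACL standard permit 10.20.30.0 255.255.255.0
access-list SPLIT_ACL standard permit 10.10.0.0 255.255.0.0

! Restrictive fallback policy (hypothetical name), used when ISE returns
! no group policy, so a missing or mistyped name fails closed.
group-policy GP-LIMITED internal
group-policy GP-LIMITED attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value LIMITED_ACL

! Policy from the reply. The name must match what ISE sends, character for character.
! Without "tunnelspecified" the network list is ignored and all traffic is tunneled.
group-policy GP-1 internal
group-policy GP-1 attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL

! RADIUS server group pointing at ISE (placeholder address and key).
aaa-server ISE protocol radius
aaa-server ISE (inside) host 192.0.2.10
 key <shared-secret-placeholder>

! Remote-access tunnel group: authenticate against ISE and start from the
! restrictive policy. A group policy named in the Access-Accept (Class = GP-1)
! replaces the default for that session.
tunnel-group RA-VPN type remote-access
tunnel-group RA-VPN general-attributes
 authentication-server-group ISE
 default-group-policy GP-LIMITED
```

On the ASA, `show vpn-sessiondb detail anyconnect` lists the group policy each session actually received, which confirms whether the name sent by ISE matched.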