02-06-2017 12:48 AM
Hi,
I'm looking for a show command to display split-tunnel routes sent to the AnyConnect client. We are migrating ACS authentication to ISE and we are going to use one group policy but different split tunnels for various user groups. Split-tunnels will be pushed by ISE.
Thank you, Daniel
02-08-2017 01:35 AM
"Sh vpn-sessiondb detail anyconnect" is the command; you can use the filter option to check for a specific username.
HTH
Abaji.
02-13-2017 01:15 AM
Hi Abaji.
But the command show vpn-sessiondb doesn't show split-tunnel information. You can see only applied filter list.
Thank you for your response, Daniel
02-13-2017 06:18 AM
Hi Daniel,
I believe the split tunnel policy is controlled by Group-policy and not by tunnel group. The command will show you the name of the group-policy applied for the session, which can show you the split tunnel configuration. If you are using any different implementation, could you share the design document being referred to?
HTH,
Abaji.
02-13-2017 06:25 AM
Hi Abaji,
So we have one default group policy and split tunnel information (ACL name) is pushed from ISE as a RADIUS attribute (Cisco-VPN3000:CVPN3000/ASA/PIX7x-IPSec-Split-Tunnel-List). I'm looking for a show command that will show either subnets or the ACL name that was pushed to the client.
Just for reference: VPN filters are pushed as a DACL; this setting can be found in show vpn-sessiondb.
Thanks, Daniel
02-13-2017 07:07 AM
Hi Daniel,
It seems that there is no direct show command to see the attribute being pushed on the session; debug radius seems to be the only way to check the attribute pushed for this session.
Regards,
Abaji.
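Added example, not part of the thread: besides debug radius, the split-tunnel ACL name can be read from a captured RADIUS Access-Accept sent by ISE to the ASA. The sketch below walks the packet's attributes and returns every IPSec-Split-Tunnel-List value. It assumes vendor ID 3076 and attribute number 27 from the Cisco VPN 3000/ASA RADIUS dictionary; the packet, user name and ACL name are constructed sample data.

```python
import struct

VENDOR_VPN3000 = 3076      # Cisco VPN 3000 / ASA vendor ID (assumed from the dictionary)
SPLIT_TUNNEL_LIST = 27     # IPSec-Split-Tunnel-List sub-attribute (assumed from the dictionary)
VENDOR_SPECIFIC = 26       # RADIUS Vendor-Specific attribute type (RFC 2865)

def iter_attributes(packet):
    """Yield (type, value) for each top-level attribute, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match captured bytes")
    pos = 20                                  # skip code, id, length, authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def split_tunnel_lists(packet):
    """Return the split-tunnel ACL names carried in VPN3000 VSAs."""
    names = []
    for atype, value in iter_attributes(packet):
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_VPN3000:
            continue
        sub = value[4:]                       # vendor sub-attributes: type, len, data
        while len(sub) >= 2:
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                break
            if vtype == SPLIT_TUNNEL_LIST:
                names.append(sub[2:vlen].decode("ascii", "replace"))
            sub = sub[vlen:]
    return names

def _attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def sample_access_accept(acl=b"SPLIT-ACL-SALES"):
    """Constructed Access-Accept (zeroed authenticator, not validated here)."""
    vsa = struct.pack("!I", VENDOR_VPN3000) + _attr(SPLIT_TUNNEL_LIST, acl)
    attrs = _attr(1, b"user1") + _attr(VENDOR_SPECIFIC, vsa)
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs

if __name__ == "__main__":
    print(split_tunnel_lists(sample_access_accept()))
```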