I'm looking for a show command to display split-tunnel routes sent to the AnyConnect client. We are migrating ACS authentication to ISE and we are going to use one group policy but different split tunnels for various user groups. Split-tunnels will be pushed by ISE.
Thank you, Daniel
But the command show vpn-sessiondb doesn't show split-tunnel information. You can see only applied filter list.
Thank you for your response, Daniel
I believe the split tunnel policy is controlled by Group-policy and not by tunnel group. The command will show you the name of the group-policy applied for the session, which can show you the split tunnel configuration. If you are using any different implementation, could you share the design document being referred?
So we have one default group policy and split tunnel information (ACL name) is pushed from ISE as a RADIUS attribute (Cisco-VPN3000:CVPN3000/ASA/PIX7x-IPSec-Split-Tunnel-List). I'm looking for a show command that will show either the subnets or the ACL name that was pushed to the client.
Just for reference: VPN filters are pushed as DACL; this setting can be found in show vpn-sessiondb.
It seems that there is no direct show command to see the attribute being pushed on the session; debug radius seems to be the only way to check the attribute pushed for this session.
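As an added example that is not part of the thread: one way to confirm which split-tunnel ACL name ISE returned is to decode the RADIUS Access-Accept itself and pull out the IPSec-Split-Tunnel-List vendor-specific attribute. It assumes you already have the raw Access-Accept bytes from a capture of the ASA-to-ISE exchange; vendor ID 3076 and sub-attribute 27 are the Cisco-VPN3000 dictionary numbers for this attribute, while the function names and the sample ACL name are made up for the example.

```python
import struct

CISCO_VPN3000_VENDOR_ID = 3076  # Cisco-VPN3000 RADIUS dictionary
SPLIT_TUNNEL_LIST = 27          # IPSec-Split-Tunnel-List sub-attribute
VENDOR_SPECIFIC = 26            # RADIUS Vendor-Specific attribute type
ACCESS_ACCEPT = 2               # RADIUS packet code

def split_tunnel_lists(packet):
    """Return every IPSec-Split-Tunnel-List value in a RADIUS Access-Accept."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT:
        return []  # only an Access-Accept carries authorization attributes
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != CISCO_VPN3000_VENDOR_ID:
            continue
        sub, i = value[4:], 0  # one VSA may hold several sub-attributes
        while i + 2 <= len(sub):
            vtype, vlen = sub[i], sub[i + 1]
            if vlen < 2 or i + vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            if vtype == SPLIT_TUNNEL_LIST:
                found.append(sub[i + 2:i + vlen].decode("ascii", "replace"))
            i += vlen
    return found

def build_sample(acl_name):
    """Constructed Access-Accept with a Class attribute and one split-tunnel VSA."""
    sub = bytes([SPLIT_TUNNEL_LIST, 2 + len(acl_name)]) + acl_name.encode()
    vsa = (bytes([VENDOR_SPECIFIC, 6 + len(sub)])
           + struct.pack("!I", CISCO_VPN3000_VENDOR_ID) + sub)
    attrs = bytes([25, 6]) + b"test" + vsa  # 25 = Class, filler attribute
    header = struct.pack("!BBH", ACCESS_ACCEPT, 1, 20 + len(attrs))
    return header + bytes(16) + attrs  # zeroed authenticator, sample only

if __name__ == "__main__":
    print(split_tunnel_lists(build_sample("SPLIT_ENG")))
```

An empty list for an Access-Accept means no split-tunnel list was returned for that login, so the session falls back to whatever the group policy defines.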