split-tunnel-policy and multicast: tunnelspecified vs. excludespecified
We have users on an isolated network that connect to our main office using VPN client 5.0.07.0290. Main office is currently running ASA 8.2(2)17. They also have a multicast source on their local LAN (vbrick video streamer).
When we configure their group policy to use a split-tunnel-policy with "tunnelspecified" and associated with an ACL that enumerates the networks at our home office, they can access the main office resources just fine, and also connect to the multicast stream on their local LAN.
However, when we change this around and use split-tunnel-policy with excludespecified to enumerate the local subnet they are permitted to access (everything else is tunneled in this scenario) multicast breaks.
What I noted with Wireshark is that when using excludespecified some IGMP traffic tries to go down the tunnel adapter (incorrect behavior), and some is going out the ethernet adapter to the local LAN (correct behavior).
We have to use excludespecified because we only permit split tunnel from a very specific subnet.
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the SecureX regio...
More people are working remotely, and this increases the risk of security breaches and the difficulty in defending remote workers where they work and securing the devices they use.
Learn about Cisco Remote Secure Worker solutions that verify workers, secu...
GeneralWhich Cisco Secure products include access to SecureX?What are the SecureX data retention/privacy policies?What is SSE?How can I unlink my smart account from SSE and link it to a new account?Do I have to use the same SSE region as the Secur...
On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distr...