Hi, we have a group configured that is associated with IPSec connection profile and it's inheriting its network list. The DfltGrpPolicy says Tunnel All Networks.

However a system admin wants to be able to access local networks and not have everything tunneled, the authentication is done by AAA server. How can I allow the system admin to access the network resources whilst not creating a new profile to use a different group policy. We want the rest of the users to have their traffic tunneled.

Thanks