Cisco AnyConnect Secure Mobility Client v2.x Technical Manual
 split-tunnel-network-list value split
 default-domain value cisco.com
 address-pools value acpool
 webvpn
  anyconnect profiles value AnyConnect type user
ciscoasa#
This example shows a split-include configuration for an internal 192.168.1.0/24 subnet. With this
configuration, the roaming client will still operate in an encrypted and protected state since traffic
to 208.67.222.222 is not sent via the tunnel.
ciscoasa# sh run access-li split
access-list split standard permit 192.168.1.0 255.255.255.0
ciscoasa# sh run group-policy
group-policy GroupPolicy-OpenDNS internal
group-policy GroupPolicy-OpenDNS attributes
 wins-server none
 dns-server value 1.1.1.1
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
 default-domain value cisco.com
 address-pools value acpool
 webvpn
  anyconnect profiles value AnyConnect type user
ciscoasa#
Note: Split-tunnel-all-dns must be disabled in all of the scenarios.
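An added example (not part of the Cisco manual): a Python check that reads a saved configuration excerpt and confirms that the split-include list leaves 208.67.222.222 outside the tunnel and that split-tunnel-all-dns is not enabled. It assumes standard ACLs and a single group-policy in the text; the function names and the sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the split-include configuration from this section as text.
SAMPLE_CONFIG = """\
access-list split standard permit 192.168.1.0 255.255.255.0
group-policy GroupPolicy-OpenDNS attributes
 dns-server value 1.1.1.1
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
"""
RESOLVER = "208.67.222.222"  # address the text says must stay outside the tunnel


def included_networks(lines, acl):
    """Networks permitted by the standard ACL named `acl` (hypothetical helper)."""
    pat = re.compile(rf"access-list {re.escape(acl)} standard permit (.+)$")
    nets = []
    for line in lines:
        m = pat.match(line)
        if not m:
            continue
        args = m.group(1).split()
        if args[0] in ("any", "any4"):
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif args[0] == "host":
            nets.append(ipaddress.ip_network(args[1]))
        else:  # "<network> <mask>"
            nets.append(ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False))
    return nets


def check_split_include(config, resolver=RESOLVER):
    """Return findings for one group-policy; an empty list means all checks pass."""
    lines = [l.strip() for l in config.splitlines()]
    findings = []
    policy = next((l.split()[1] for l in lines if l.startswith("split-tunnel-policy ")), None)
    if policy != "tunnelspecified":
        findings.append(f"split-tunnel-policy is {policy}, not tunnelspecified")
    if "split-tunnel-all-dns enable" in lines:
        findings.append("split-tunnel-all-dns is enabled")
    acl = next((l.split()[-1] for l in lines if l.startswith("split-tunnel-network-list value ")), None)
    nets = included_networks(lines, acl) if acl else []
    if not nets:
        findings.append("no split-include networks found")
    for net in nets:
        if ipaddress.ip_address(resolver) in net:
            findings.append(f"{resolver} is inside split-include network {net}")
    return findings
```

Calling `check_split_include(SAMPLE_CONFIG)` on the configuration shown in this section returns an empty list.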
Verify
When the VPN is connected, the roaming client should show protected and encrypted, as shown in
this image: