Domains over Split tunnel RA VPN

-

Use case: Split tunnel remote access VPN

 

In split tunnel VPN most of the times we are passing clients networks (most of the times private addresses) over the tunnel. That means that the remote workers they are using their local internet line to access the internet.

 

What if they want to “pass” some urls over the tunnel? Most of the cases that happens if the specific destination need to be accessed from the gateway address.

 

 

The solution for this is Dynamic split tunnelling.

 

This can be configured from group-policy > Anyconnect  > Custom Attributes > +

 

Select Dynamic Split tunnelling


And then Add the url need to be accessed over the split tunnel.



*Reminder to allow this traffic from VPN filter if used and access controll used if sysopt connection permit-vpn is enabled


Documentation

Comments

Post a Comment

Popular posts from this blog

Converting lightweigh to standalone AP and vice versa

-
Connect with console cable to the cisco AP Default credentials Username : cisco Password: Cisco You can find the AP image type by running the command show version When the AP image ends with k9w8 means the AP is lightweight When the AP image ends with k9w7 means the AP is Standalone AP7cad.74ff.975e> sho version Cisco IOS Software, C3700 Software (AP3G2-K9W8-M), Version 15.3(3)JK2, RELEASE SOFTWARE (fc2) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2020 by Cisco Systems, Inc. Compiled Wed 01-Apr-20 04:25 by prod_rel_team ROM: Bootstrap program is C3700 boot loader BOOTLDR: C3700 Boot Loader (AP3G2-BOOT-M) LoaderVersion 15.2(4)JB, RELEASE SOFTWARE (fc1) AP7cad.74ff.975e uptime is 5 minutes System returned to ROM by power-on System image file is "flash:/ap3g2- k9w8 -mx.153-3.JK2/ap3g2-k9w8-xx.153-3.JK2" Last reload reason: Reason Not Known To convert the AP from lightweight to standalone please follow the below pro...
Read more

Upgrade WLC / Supplementary image

-
  Today I had to upgrade an AIROS cisco 2504 WLC. After checking if the APs are supported by the new recommended version I noticed that I had to install the supplementary image also. The reason was that 1602i APs wasn’t supported by the main image in 8.5.171.0 version. Due to image size cisco created separate file for some AP images called Supplementary AP Bundle image. Procedure:   Step 1:   Check the current WLC image (Cisco Controller) >show boot Primary Boot Image............................... 8.3.150.0 (default) (active) Backup Boot Image................................ 8.0.152.0 Step 2: Upload the new image ( AIR-CT2500-K9-8-5-171-0.aes ) I did the below procedure via HTTPS. Verify (Cisco Controller) >show boot Primary Boot Image............................... 8.5.171.0 (default) Backup Boot Image................................ 8.3.150.0 (active) Step 3: Check Supported APs of the new version (Cisco Controller) >show ap bundle primary Pr...
Read more

Upgrade Mobility Express

-
Image
 Download the Appropriate image from cisco. Login to ME controller. Go to Management -> Software Update Choose TFTP as the below screenshot. At this point do not forget to extract the downloaded image and point the TFTP directory to the extracted folder containing the image.    ☝☝☝ SOS step as i already forgot that once and i spent time to found/remember it  Proceed with save and Update. AP will reboot and come back after around 5 min. (Hopefully Upgraded ) I found some difficulties to do it work with HTTP. If you have the way to do it you are very welcome to inform me also.
Read more