06-10-2019 11:45 AM - edited 06-10-2019 11:45 AM
Hello,
Environment - Cisco ASAv30 9.10(1) - Cisco AnyConnect VPN client 4.7
We have a requirement for our VPN users to access certain external resources (e.g. salesforce.com) but to appear to be coming from the ASA's external IP address.
This is because these websites are locked down to access from specific public IP addresses.
We already have basic split tunnelling enabled for corp internal networks. Is it possible to add on a domain to this somehow? We can't do this via IP as the services in question probably have frequently changing IP addresses.
Is this something that is possible with AnyConnect VPN, while allowing the rest of their internet traffic to go out directly via their own ISP?
Thank you in advance.
06-10-2019 07:30 PM
06-11-2019 06:40 AM
Thank you for the quick reply - much appreciated.
06-11-2019 06:55 AM
I was reading your post here: https://community.cisco.com/t5/security-documents/dynamic-split-tunneling-in-anyconnect-vpn/ta-p/3773878
"The dynamic split tunneling exclusions address scenarios when traffic pertaining to a certain service needs to be excluded from the VPN tunnel"
And it reads as though if we wanted to exclude a domain from the tunnel we would use this feature, however we want to include a domain (.salesforce.com) so that traffic destined for that domain does go over the VPN tunnel.