Our users use the default Windows VPN client to establish a VPN connection to our Meraki MX64 in combination with a radius server so that they are able to use their Windows identity to login. This works fairly well but I saw Anyconnect being available so I tested it out a bit and it works pretty good too, even with SAML as authentication method so that the users could MFA the connection with their Microsoft Authenticator. But here comes the issue for me: with our previous Windows VPN client solution, we were able to create two VPN connections on the user's computer:
1 profile with split tunnel VPN
1 profile without split tunnel VPN
This seems not to be possible with Anyconnect VPN as split tunnel or non-split tunnel is defined on the server (the MX device) instead of the client and also because the Anyconnect client doesn't seem to support configuring split options. Am I correct in these assumptions? Has anyone ever tackled this problem? I was pretty excited in the thought of implementing Anyconnect but it seems that the VPN routing options make it a non-option for us as we definitely need two different profiles for our users (1 split tunnel, 1 non-split tunnel).
Sadly, the MX implementation is quite limited here compared to the ASA or FTD. When AnyConnect came out, I tried to send Split-Tunnel attributes via RADIUS. But that didn't work; well, I really didn't expect it to work.
Sadly, the MX implementation is quite limited here compared to the ASA or FTD. When AnyConnect came out, I tried to send Split-Tunnel attributes via RADIUS. But that didn't work; well, I really didn't expect it to work.
Get notified when there are additional replies to this discussion.
