As the title asks, wonder if anyone has tried the built-in VPN client with ASA/FTD instead of using AnyConnect/Secure Client?
Yes, but I don’t remember if it was IKEv1 or 2. This was my guide:
ASA and FTD can handle IKEv2 depending on the configuration. AnyConnect might be required for other reasons, e.g., host posture and/or network control.
I have IKEv2 working even on an RV260 router from iPhone/iPad. https://community.cisco.com/t5/switching/cisco-rv260-to-iphone-ios-13-built-in-ipsec-vpn/td-p/4150000
RV series IPsec VPNs are all done by strongSwan and ip xfrm; I think ASA should be the same.
I also have a site-to-site tunnel to the RV260 from a VM running BusyBox with strongSwan. Split tunnel is working too. I did it through iptables POSTROUTING and extended packet matching modules.
Were you using ASA or FTD? Split tunneling works as well?
If the ASA is configured for IKEv1/v2 on VPN. AnyConnect itself uses HTTPS. I’ve honestly started setting remote access to SSL only and turning off the IPsec stuff.
ASA 5506X.
I don’t remember if I specifically tested split tunneling, but the doc says it’s supported.
I have an iPad and I'm the networking guy at my company. On the iPad the VPN manager shows the Cisco logo for connections (surely would work IMO); for me (IPsec with Palo Alto) split tunnel is not working.
AnyConnect, IMO, would implement that feature like GlobalProtect for Palo; until using the built-in, I would lean to the direct full-tunneled access.
Good to know split tunneling does not work for IPsec/IKEv2…
That’s wrong: split tunneling DOES work with AnyConnect, and both IKEv2 and HTTPS. It’s just routing rules.
I am not planning to use AnyConnect… so will split tunnel still work?
I haven’t worked with s/wan or Juniper, couldn’t say