On 01/28/2014 07:15 AM, Kevin Cernekee wrote:
>> I have the same problem. AnyConnect has two modes: Split Route, that
>> means that only some routes will be provided over the VPN and others
>> will go directly and Full Mode where the default route goes over the
>> VPN. ocserv currently announces to AnyConnect the split mode. The
>> problem is that with the split mode you cannot push the default route
>> or at least not in an obvious way. Pushing other routes works. I have a
>> Cisco ASA which I have configured for both modes (split and full) but
>> the Cisco ASA is currently offline and I'm 3000 kms away on a business
>> trip. As soon as I'm back on Sunday I want to take it back online and
>> find out how the full route is announced and then let the list know.

> To set ocserv as the default gateway, I just commented out the "route
> = " lines in the config file. This stops it from sending the
> "X-CSTP-Split-Include:" headers.

> This seems to be equivalent to "split-tunnel-policy tunnelall" on an ASA.

Nice catch. I'll document that.

regards,
Nikos
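
Added example (not part of the original thread, and not ocserv's own code): a small audit check that reports whether an ocserv config will put clients in split or full tunnel mode, using only the rule described above, that active "route = " lines produce "X-CSTP-Split-Include:" headers. The function names and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an ocserv config as split or full tunnel.
# Rule taken from the thread: each active "route = ..." line is announced
# to the client as an X-CSTP-Split-Include header; with none active, the
# VPN becomes the client's default gateway.

# Print the values of all active (uncommented) route lines, one per line.
ocserv_active_routes() {
    grep -E '^[[:space:]]*route[[:space:]]*=' "$1" |
        sed -E 's/^[[:space:]]*route[[:space:]]*=[[:space:]]*//'
}

# Print "split" or "full" for the given config file; return 2 if unreadable.
ocserv_tunnel_mode() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    if grep -Eq '^[[:space:]]*route[[:space:]]*=' "$1"; then
        echo split
    else
        echo full
    fi
}

# Demo on two constructed config fragments (sample values, not from the thread).
demo() {
    dir=$(mktemp -d) || return 1

    # Split tunnel: one route is pushed, everything else bypasses the VPN.
    printf '%s\n' 'dns = 192.168.1.2' \
                  'route = 192.168.1.0/255.255.255.0' > "$dir/split.conf"

    # Full tunnel: the same file with the route line commented out.
    printf '%s\n' 'dns = 192.168.1.2' \
                  '#route = 192.168.1.0/255.255.255.0' > "$dir/full.conf"

    for f in "$dir/split.conf" "$dir/full.conf"; do
        echo "$(basename "$f"): $(ocserv_tunnel_mode "$f")"
        ocserv_active_routes "$f" | sed 's/^/  pushes: /'
    done
    rm -rf "$dir"
}

demo
```

Run against the deployed config before and after a change to confirm the mode clients will get matches what was intended, since a stray uncommented route line silently turns a full tunnel into a split one.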