Local LAN Access and VPN3k/ASA
I think it is not possible on Cisco ASA and VPN3K but I wanted to confirm.
This feature I am asking for works fine on Juniper SSLVPN gateways.
The scenario is that users are VPN'ing to VPN3K with split tunnel ENABLED. From the gateway, ranges 10.0.0.0/8 and 192.168.0.0/16 are pushed as split tunnel routes. Now the issue is they cannot access their home network resources like printers, laptops, microwaves, washing machines ;-) whatever once they are VPN'ed in. In VPN3K, there is no way to push Local LAN access in split tunnel mode and it is only possible with full tunnels. I think there are three solutions to this problem:
1. Enable full tunnel (Not possible for me)
2. Ask users to use an illegal range like 192.0.2.0/24 for their home networks.
3. Advertise more specific 10/8 and 192.168/16 from the gateway. It definitely increases config/ops/management overhead as I need to add new 10/8 networks as they come online inside the enterprise.
Please let me know if you have any better solution in mind.
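
To make option 3 concrete, here is an added example (not part of the original post) that collapses a list of in-use enterprise subnets into the split-tunnel list to push and reports which home LANs would still collide with it. The `IN_USE` and `HOME_LANS` values are constructed sample data, and the model assumes, as the post describes, that the client sends any destination inside a pushed network into the tunnel.

```python
import ipaddress

# Split-tunnel networks currently pushed, as stated in the post.
BROAD = ["10.0.0.0/8", "192.168.0.0/16"]

# Constructed sample data: subnets actually in use inside the enterprise.
IN_USE = [
    "10.1.0.0/16", "10.2.0.0/17", "10.2.128.0/17",
    "10.20.4.0/24", "10.20.5.0/24", "192.168.200.0/24",
]

# Constructed sample data: home LAN ranges seen on user routers.
HOME_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "10.1.10.0/24"]


def nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def split_list(in_use):
    """Smallest set of prefixes covering exactly the in-use subnets."""
    return [str(n) for n in ipaddress.collapse_addresses(nets(in_use))]


def shadowed(home_lans, pushed):
    """Home LANs overlapping a pushed network (local devices unreachable)."""
    pushed_nets = nets(pushed)
    return [h for h in home_lans
            if any(ipaddress.ip_network(h).overlaps(p) for p in pushed_nets)]


if __name__ == "__main__":
    specific = split_list(IN_USE)
    print("push these networks:", specific)
    print("collisions with broad list:   ", shadowed(HOME_LANS, BROAD))
    print("collisions with specific list:", shadowed(HOME_LANS, specific))
```

Even with the specific list, a home LAN that sits inside an in-use enterprise prefix (here 10.1.10.0/24) still collides, and the list has to be regenerated each time a new enterprise subnet comes online.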