Split tunneling doesn't work in Tahoe 26.0.1

After upgrading to macOS Tahoe 26.0.0 and 26.0.1, employees lose access to external networks when connected to the corporate VPN via Cisco AnyConnect with split tunneling. Access to internal resources remains intact.


The issue is reproducible for 10+ users running macOS Tahoe.

Users of other macOS systems (approximately 1,000) are not affected.

The issue is intermittent and can be temporarily resolved by one of the following methods:


Disconnecting the VPN session and waiting for ~10 minutes.

Resetting the network controller in macOS settings.


Updating Cisco AnyConnect from 4.10 version to 5.1.2.146 did not help.

The Cisco ASA configuration was not changed.

MacBook Pro 16″, macOS 26.0

Posted on Sep 30, 2025 6:12 AM

Question marked as Top-ranking reply

Posted on Oct 8, 2025 2:39 AM

The cause hasn't been found, but there's a workaround.


When everything works, the default route is marked with the UGScg flag.

But at some random time, its flag changes to UGScIg, and if you were connected to a VPN, access to external networks is lost.


Solution:

sudo route delete -net default

sudo route add default 192.168.0.1   # your gateway on your home network


Afterwards, it's marked with the correct flag and everything works, but there will be two routes listed:

default 192.168.0.1 UGScg en0

default 192.168.0.1 UGScIg en0


I - indicates that this is an interface route, but why it was marked this way at any given time is unknown.
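
A check for the state described in this reply, as an added example that is not part of the original post: it reads `netstat -rn -f inet` output and reports whether every IPv4 default route carries the I flag. The function names and sample tables are constructed for illustration, and the column layout (destination, gateway, flags, interface) is an assumption taken from the route lines quoted above.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies the IPv4 default
# route(s) in `netstat -rn -f inet` output by the flags column.
# Assumed columns: Destination Gateway Flags Netif [Expire].

# Reads a routing table on stdin and prints one of:
#   ok           at least one default route without "I" (e.g. UGScg)
#   scoped-only  every default route carries "I" (e.g. UGScIg)
#   none         no default route present
classify_default_route() {
    awk '
        $1 == "default" && NF >= 4 {
            # index() is case-sensitive, so the lowercase flags never match
            if (index($3, "I") > 0) scoped++; else plain++
        }
        END {
            if (plain > 0)       print "ok"
            else if (scoped > 0) print "scoped-only"
            else                 print "none"
        }'
}

# Constructed sample tables, built from the route lines quoted in the post.
sample_working() {
    printf '%s\n' \
        'Destination        Gateway            Flags    Netif Expire' \
        'default            192.168.0.1        UGScg    en0' \
        '192.168.0          link#6             UCS      en0'
}
sample_broken() {
    printf '%s\n' \
        'Destination        Gateway            Flags    Netif Expire' \
        'default            192.168.0.1        UGScIg   en0' \
        '192.168.0          link#6             UCS      en0'
}
sample_after_workaround() {
    printf '%s\n' \
        'default            192.168.0.1        UGScg    en0' \
        'default            192.168.0.1        UGScIg   en0'
}

# With --live, inspect this machine's table; otherwise run the samples.
if [ "${1:-}" = "--live" ]; then
    netstat -rn -f inet | classify_default_route
else
    for s in sample_working sample_broken sample_after_workaround; do
        printf '%-24s %s\n' "$s" "$("$s" | classify_default_route)"
    done
fi
```

Run with `--live` on an affected Mac while the VPN is connected; a result of `scoped-only` matches the broken state described above, and `ok` matches the table after the workaround.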

2 replies
Sep 30, 2025 10:10 AM in response to SampleAccount

SampleAccount wrote:

After upgrading to macOS Tahoe 26.0.0 and 26.0.1, employees lose access to external networks when connected to the corporate VPN via Cisco AnyConnect with split tunneling. Access to internal resources remains intact.

The issue is reproducible for 10+ users running macOS Tahoe.
Users of other macOS systems (approximately 1,000) are not affected.

The issue is intermittent and can be temporarily resolved by one of the following methods:

Disconnecting the VPN session and waiting for ~10 minutes.
Resetting the network controller in macOS settings.

Updating Cisco AnyConnect from 4.10 version to 5.1.2.146 did not help.
The Cisco ASA configuration was not changed.



To be proactive you can file a bug report / submit your Apple Feedback here: Product Feedback - Apple




If your work mandates the use of a point to point VPN, contact your work IT network admin for support.

