Hi Amit,
Yes you can, you’ll need to create an additional policy group and tunnel group for this. Here’s a quick example:
group-policy VIRL_VPN internal
group-policy VIRL_VPN attributes
vpn-filter value VIRL
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VIRL_SPLIT_TUNNEL
access-list VIRL_SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list VIRL extended permit tcp any object VIRL object-group VIRL_PORTS
access-list VIRL extended permit tcp any object VIRL2 object-group VIRL_PORTS
tunnel-group VIRL_TUNNEL type remote-access
tunnel-group VIRL_TUNNEL general-attributes
address-pool VIRL_VPN_USERS
default-group-policy VIRL_VPN
tunnel-group VIRL_TUNNEL ipsec-attributes
ikev1 pre-shared-key *****
The group policy called “VIRL_VPN” uses an access-list called VIRL to define what resources the remote user can access. It also uses split tunneling, this VPN is only used to reach the networks in access-list VIRL_SPLIT_TUNNEL.
In the tunnel-group, you can see we refer to the VIRL_VPN group-policy.
Hope this helps!
Rene