I've already checked tons of manuals, forums, kbs and cookbooks, made hundreds of experiments on live hardware, but can't find the way to do very simple thing - negating defined split-tunneling subnets for remote WLANs. I mean subnets, which are defined in config wireless-controller wtp-profile / edit <profile> / conf split-tunneling-acl. It is nice feature but working opposite way it should - defined subnets are NOT routed to wireless controller.
In most cases, traveler with FAP expecting direct access to corp network without other external resources slowdowns, which is 100% occurs, if we route all SSID traffic to WLC. Just imagine, how slow it could be, if remote WLAN deployed in hotel in Hong Kong, but WLC is on duty at Portugal.
So I think it is quite normal to define just one (or few) subnets (internal corporate network) to route via WLC, and rest of traffic should go through local FAP GW. For now, to implement this, and make just one subnet (192.168.0.0/16) to be routed to WLC, I should define 15 subnets in wtp-profile, and it is almost maximum supported number (you can't define more than 16 subnets there). So it is not possible to add even one more routable subnet (lets say, 10.11.232.0/24).
Hope I'm missing something, that's why I decided to post it here - maybe someone already knows how to ...