topic Re: Cisco ASAv error: input line size exceeded available buffer in Network Security

Cisco ASAv error: input line size exceeded available buffer

Support Informatique CACOM — Wed, 20 Sep 2023 08:14:51 GMT

Hello all,

I've encountered this error message while I was trying to add an FQDN to the split-tunnel list on our production ASAv.

group-policy GroupPolicy_VPN_ADC_DNS attributes
     split-dns value ....

The message was like: Error : input line size exceeded available buffer (xxx characters).

I have ASA Version 9.13(1)16 and ASA Version 9.16(2)14, both running ASAv10 flavour.

Is there any workaround for this? We actually intend to split more FQDNs.

Re: Cisco ASAv error: input line size exceeded available buffer

Sheraz.Salim — Wed, 20 Sep 2023 08:31:51 GMT

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/so-st-commands.html#wp2192979874

Use a single space to separate each entry in the list of domains. There is no limit on the number of entries, but the entire string can be no longer than 492 characters. You can use only alphanumeric characters, hyphens (-), and periods (.).

The no split-dns command, when used without arguments, deletes all current values, including a null value created by issuing the split-dns none command.

Starting with version 3.0.4235, Secure Client supports true split DNS functionality for Windows platforms.

Examples

The following example shows how to configure the domains Domain1, Domain2, Domain3 and Domain4 to be resolved through split tunneling for the group policy named FirstGroup:


ciscoasa(config)# group-policy FirstGroup attributes
ciscoasa(config-group-policy)# split-dns value Domain1 Domain2 Domain3 Domain4

Re: Cisco ASAv error: input line size exceeded available buffer

Support Informatique CACOM — Wed, 20 Sep 2023 08:53:15 GMT

Thanks for your input.

That's exactly what we did. We already have a number of FQDNs that are separated with a single space.

It is at the point of adding another FQDN that I got that message. I believe we attained the string's highest length.

Re: Cisco ASAv error: input line size exceeded available buffer

Sheraz.Salim — Wed, 20 Sep 2023 09:08:18 GMT

it seems you've hit the limit for the maximum allowed characters in the split-dns value string.

As per the documentation, the entire string can be no longer than 492 characters. If you have already reached this limit, you won't be able to add more FQDNs to the split-tunnel list using the split-dns value command.
try to consolidate multiple FQDNs into a single domain or Identify which FQDNs are the most critical and ensure they are included in the list.

Re: Cisco ASAv error: input line size exceeded available buffer

Support Informatique CACOM — Wed, 20 Sep 2023 09:10:17 GMT

That's what I thought, wanted to be sure.

But, will upgrading the software or the licence would change anything?
As at today, we have already simplified the fqdns and still need more room.

Re: Cisco ASAv error: input line size exceeded available buffer

Sheraz.Salim — Wed, 20 Sep 2023 09:16:44 GMT

No its nothing to do with licence. however, I shall strongly suggest if you have cisco tac support available in that case engage the tac engineer.

you can try with software upgrade and see if this fix the issue.