Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
788
Views
1
Helpful
11
Replies

GitHub/GitLab access with Cisco AnyConnect

Go to solution
juanbh255
Level 1
Level 1

‎07-08-2024 12:39 PM - edited ‎07-08-2024 01:05 PM

Is there a way that I can set up Cisco AnyConnect to allow me to reach GitHub/GitLab sites while still connected to a DevNet sandbox? constantly disconnecting/reconnecting really does suck. I would like to be able to run a git pull/push while vpn'd into sandboxes.

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
bigevilbeard
VIP
VIP
In response to juanbh255

‎07-22-2024 05:53 AM

@juanbh255 try adding a public dns as your secondary address on your local machine 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

View solution in original post

0 Helpful
11 Replies 11

Go to solution
jokearns1
Cisco Employee
Cisco Employee

‎07-08-2024 02:09 PM

Hi, 

Thats interesting. Sandbox VPN uses split tunnelling to only route specific traffic down to our subnets. You can see these in the route details section of the Anyconnect stats when VPN is active Can you tell me what your local IP is? 

Thanks, 

Support.

0 Helpful

Go to solution
dstaudt
Cisco Employee
Cisco Employee

‎07-08-2024 02:27 PM

The sandbox labs should support split-tunnel, if you can configure that in your client.

0 Helpful

Go to solution
juanbh255
Level 1
Level 1
In response to dstaudt

‎07-17-2024 03:24 AM

How do I configure it?

0 Helpful

Go to solution
bigevilbeard
VIP
VIP
In response to juanbh255

‎07-17-2024 03:34 AM

@juanbh255 

  1. Open Cisco AnyConnect on your device.
  2. Click on the Gear icon in the Preferences.
  3. In the Preferences window, navigate to VPN > Split Tunneling.
  4. Look for the Split Tunneling option. If it's enabled, you should see a checkbox next to it. If the checkbox is selected, split tunneling is enabled.

Could you provide a ping/trace/nslookup to GitHub when connected on the VPN and output of your local route table, from the images you first shared this looks like it is enabled? I am wondering if this is a DNS issue, looks like you are using Windows and i am sure i sure this before and it was a case of setting local DNS up.

Hope this helps.

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

Go to solution
juanbh255
Level 1
Level 1
In response to bigevilbeard

‎07-21-2024 04:05 AM

@bigevilbeard 

Split Tunneling looks to be enabled. 

$ nslookup registry-1.docker.io
Server: dns1.production.devnetsandbox.local
Address: 10.17.248.11

*** dns1.production.devnetsandbox.local can't find registry-1.docker.io: Query refused

Tracing route to registry-1.docker.io [34.226.69.105]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 192.168.1.1
2 2 ms 2 ms <1 ms lo0-100.NWRKNJ-VFTTP-332.verizon-gni.net [71.172.67.1]
3 3 ms 4 ms 3 ms 100.41.26.220
4 * * * Request timed out.
5 17 ms 9 ms 9 ms customer.alter.net [63.125.106.130]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.

$ ping registry-1.docker.io

Pinging registry-1.docker.io [34.226.69.105] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 34.226.69.105:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

0 Helpful

Go to solution
bigevilbeard
VIP
VIP
In response to juanbh255

‎07-21-2024 06:28 AM

@juanbh255 this looks like a dns issue, see this thread here https://community.cisco.com/t5/devnet-sandbox/internet-on-my-laptop-stops-when-on-vpn/m-p/4055662#M4568

The DNS server is using a private IP address (like the one you mentioned, 10.17.248.11), it won't be able to resolve external domain names like registry-1.docker.io and I believe is your issue. Follow the steps in the other thread re disable your local IPv6 connection. 

Hope this helps

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

Go to solution
juanbh255
Level 1
Level 1
In response to bigevilbeard

‎07-22-2024 03:50 AM

I tried disabling IPv6 on my NIC but no change.

it looks like it is using dns of sandbox:

*** dns1.production.devnetsandbox.local can't find registry-1.docker.io: Query refused

0 Helpful

Go to solution
bigevilbeard
VIP
VIP
In response to juanbh255

‎07-22-2024 05:53 AM

@juanbh255 try adding a public dns as your secondary address on your local machine 

Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io
0 Helpful

Go to solution
juanbh255
Level 1
Level 1
In response to bigevilbeard

‎07-23-2024 11:39 AM

@bigevilbeard Thanks that worked. 

juanbh255_0-1721759954369.png

 

Go to solution
juanbh255
Level 1
Level 1
In response to juanbh255

‎07-25-2024 05:43 AM

@bigevilbeard Do you anyway to make this dns update persistent? Looks like I have to reconfig this everytime I connect to devnet sandbox vpn using Cisco Anyconnect and so that Network adapter settings change too.

0 Helpful

Go to solution
juanbh255
Level 1
Level 1

‎07-08-2024 02:38 PM

juanbh255_0-1720474607794.png

juanbh255_1-1720474641918.png

 

0 Helpful
Customers Also Viewed These Support Documents