07-02-2019 07:29 PM
Dears,
I need your help with my problem.
As you know, almost all clients want to use the internet while they are using an AnyConnect session. This normally works by adding a split tunnel to the configuration.
But when I configure AnyConnect posture, my problem appears: the PCs require a DNS with the ability to resolve the ISE hostname.
I solved the problem temporarily by adding a static DNS record to my PC, but it's an unscalable method.
Does anyone have another way to avoid this limitation?
Note: I already push my private DNS information with the AnyConnect configuration.
I mean the AnyConnect client receives an IP address, split tunnel and DNS.
07-03-2019 05:14 AM
07-10-2019 09:27 PM
Dear Mike,
First of all, I apologize for the delay because I was outside my office.
Please find below the redirect ACL (in the ASA):
access-list AnyConnect-Redirect extended deny udp any any eq domain
access-list AnyConnect-Redirect extended deny udp any eq bootpc any eq bootps
access-list AnyConnect-Redirect extended deny udp any host 10.1.2.95 eq 8905
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8905
access-list AnyConnect-Redirect extended deny udp any host 10.1.2.95 eq 8909
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8909
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8443
access-list AnyConnect-Redirect extended permit ip any any
### 10.1.2.95 is the ISE server
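An added check, not part of the thread and not Cisco's code: this Python simulates first-match evaluation of the redirect ACL posted above, so an engineer can confirm offline that DNS, DHCP and the ISE ports are exempt from redirection while everything else is sent to ISE. It assumes the simplified ACE grammar used in that ACL (any/host addresses, eq ports only) and the ISE posture redirect-ACL semantics, where deny means "do not redirect" and permit means "redirect".

```python
# Named ports used in the posted ACL (standard IANA numbers).
PORT_NAMES = {"domain": 53, "bootpc": 68, "bootps": 67}

# The redirect ACL exactly as posted; 10.1.2.95 is the ISE node.
REDIRECT_ACL = """\
access-list AnyConnect-Redirect extended deny udp any any eq domain
access-list AnyConnect-Redirect extended deny udp any eq bootpc any eq bootps
access-list AnyConnect-Redirect extended deny udp any host 10.1.2.95 eq 8905
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8905
access-list AnyConnect-Redirect extended deny udp any host 10.1.2.95 eq 8909
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8909
access-list AnyConnect-Redirect extended deny tcp any host 10.1.2.95 eq 8443
access-list AnyConnect-Redirect extended permit ip any any
"""

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tokens[0] == "host":
        return tokens[1], tokens[2:]
    assert tokens[0] == "any", "unsupported address form: " + " ".join(tokens)
    return None, tokens[1:]

def _opt_port(tokens):
    """Consume an optional 'eq PORT'; return (port number or None, remaining tokens)."""
    if tokens and tokens[0] == "eq":
        p = tokens[1]
        return (int(p) if p.isdigit() else PORT_NAMES[p]), tokens[2:]
    return None, tokens

def parse_acl(text):
    """Parse 'access-list NAME extended ACTION PROTO SRC [eq P] DST [eq P]' lines."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        action, proto, rest = t[3], t[4], t[5:]
        src, rest = _addr(rest)
        sport, rest = _opt_port(rest)
        dst, rest = _addr(rest)
        dport, _ = _opt_port(rest)
        aces.append((action, proto, src, sport, dst, dport))
    return aces

def is_redirected(aces, proto, dst, dport, src=None, sport=None):
    """First matching ACE decides: permit = redirected to ISE, deny = passes through."""
    for action, p, s, sp, d, dp in aces:
        if (p in ("ip", proto) and s in (None, src) and sp in (None, sport)
                and d in (None, dst) and dp in (None, dport)):
            return action == "permit"
    return False  # no match: implicit deny, so the flow is not redirected
```

Evaluating a client DNS query against the parsed ACL returns False (not redirected), which is exactly the exemption the posture flow needs so the ISE hostname can be resolved through the tunnel.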
07-03-2019 11:40 AM
Adding to Mike.Cifelli...
Please check the DNS servers configured for the RA-VPN clients. Then, ensure the DNS queries and responses will go through to the internal DNS servers, either as Mike.Cifelli suggested, or use a DACL or interface ACL to permit that.