Cisco ASAv error: input line size exceeded available buffer

Hello all,

I've encountered this error message while I was trying to add an FQDN to the split-tunnel list on our production ASAv.

group-policy GroupPolicy_VPN_ADC_DNS attributes
split-dns value ....

The message was like: Error : input line size exceeded available buffer (xxx characters).

I have ASA Version 9.13(1)16 and ASA Version 9.16(2)14, both running ASAv10 flavour.

Is there any workaround for this? We actually intend to split more FQDNs.

Sheraz.Salim
VIP Alumni

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-cli-reference/S/asa-command-ref-S/so-st-commands.html#wp2192979874

Use a single space to separate each entry in the list of domains. There is no limit on the number of entries, but the entire string can be no longer than 492 characters. You can use only alphanumeric characters, hyphens (-), and periods (.).

The no split-dns command, when used without arguments, deletes all current values, including a null value created by issuing the split-dns none command.

Starting with version 3.0.4235, Secure Client supports true split DNS functionality for Windows platforms.

Examples

The following example shows how to configure the domains Domain1, Domain2, Domain3 and Domain4 to be resolved through split tunneling for the group policy named FirstGroup:


ciscoasa(config)# group-policy FirstGroup attributes
ciscoasa(config-group-policy)# split-dns value Domain1 Domain2 Domain3 Domain4

Please do not forget to rate.

Thanks for your input.

That's exactly what we did. We already have a number of FQDNs that are separated with a single space.

It is at the point of adding another FQDN that I got that message. I believe we attained the string's highest length.

It seems you've hit the limit for the maximum allowed characters in the split-dns value string.

As per the documentation, the entire string can be no longer than 492 characters. If you have already reached this limit, you won't be able to add more FQDNs to the split-tunnel list using the split-dns value command.
Try to consolidate multiple FQDNs into a single domain, or identify which FQDNs are the most critical and ensure they are included in the list.

Please do not forget to rate.
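
An added example (not part of the thread or of Cisco's documentation): a Python pre-check that tests a proposed split-dns list against the 492-character limit and character set quoted above, and drops entries already covered by a listed parent domain, as the reply suggests. It assumes the limit applies to the space-separated domain list itself and that a listed domain also matches its subdomains; the function names and sample domains are constructed for illustration.

```python
import re

MAX_LEN = 492  # limit on the whole split-dns string, per the quoted command reference
ALLOWED = re.compile(r"[A-Za-z0-9.-]+")  # alphanumerics, hyphens and periods only


def consolidate(domains):
    """Drop duplicates and entries already covered by a shorter listed suffix.

    Assumption: a listed domain also matches its subdomains on the client.
    """
    unique = {d.lower().strip(".") for d in domains if d.strip(".")}
    kept = []
    # Parents have fewer labels than their children, so visit them first.
    for d in sorted(unique, key=lambda d: (d.count("."), d)):
        if not any(d == k or d.endswith("." + k) for k in kept):
            kept.append(d)
    return kept


def check_split_dns(domains):
    """Return (command, length, problems) for a proposed split-dns list."""
    valid = [d for d in domains if ALLOWED.fullmatch(d)]
    problems = [f"invalid characters: {d!r}" for d in domains if d not in valid]
    value = " ".join(consolidate(valid))
    if len(value) > MAX_LEN:
        over = len(value) - MAX_LEN
        problems.append(f"string is {len(value)} chars, {over} over the limit")
    return f"split-dns value {value}", len(value), problems


# Constructed sample input, not taken from the thread.
SAMPLE = [
    "corp.example.com",
    "mail.corp.example.com",   # covered by corp.example.com
    "vpn.corp.example.com",    # covered by corp.example.com
    "intranet.example.net",
    "CORP.example.com",        # duplicate, differs only in case
    "bad_host.example.org",    # underscore is not an allowed character
]

if __name__ == "__main__":
    command, length, problems = check_split_dns(SAMPLE)
    print(command)
    print(f"{length}/{MAX_LEN} characters used")
    for p in problems:
        print("problem:", p)
```
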

That's what I thought, wanted to be sure.

But will upgrading the software or the licence change anything?
As of today, we have already simplified the FQDNs and still need more room.

No, it's nothing to do with the licence. However, I strongly suggest that, if you have Cisco TAC support available, you engage the TAC engineer.

You can try a software upgrade and see if this fixes the issue.

Please do not forget to rate.