Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1086
Views
10
Helpful
3
Replies

After VPN anyconnect tunnel implemented, HTTP 404 error (?)

jmaxwellUSAF
VIP
VIP

‎01-03-2023 06:43 PM

Hello.

1. I am confident I correctly implemented a split tunnel config, so let's for now accept that as given.

2. The server BOTTOMLEVEL at BOTTOMLEVEL.middlelevel.com does not live at the natural DNS location of middlelevel.com (the URL is definitely somehow masked or redirected).

3. The URL middlelevel.com correctly resolves on the www; BUT, the url BOTTOMLEVEL.middlelevel.com gives this symptom...

_____

"Server Error in '/' Application. The resource cannot be found.

Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable.    Requested URL:/

"How does a '404 error' come about? The typical trigger for an error 404 message is when website content has been removed or moved to another URL. There are also other reasons why an error message could appear. These include:'

The URL or its content (such as files or images) was either deleted or moved (without adjusting any internal links accordingly)"

_____

Can you please explain what is going on here, and what are the steps for the solution?

Thank you!

Labels:
0 Helpful
3 Replies 3

MHM Cisco World
VIP
VIP

‎01-04-2023 01:54 AM

friend since you use split-tunnel 
try use add split-dns 

Marius Gunnerud
VIP
VIP

‎01-05-2023 03:59 AM - edited ‎01-05-2023 03:59 AM

This sounds to be a DNS issue.  Does BOTTOMLEVEL.middlelevel.com resolve correctly for the VPN clients?  For VPN clients, should it be resolving to the public IP or private IP (i.e. should it be accessed via internet or via the VPN)?  When testing DNS please use ping or use a browser instead of nslookup.

If BOTTOMLEVEL.middlelevel.com resolves correctly then there is most likely an issue at BOTTOMLEVEL.middlelevel.com side of the setup.  If it does not resolve correctly then there is an issue with the DNS setup being pushed to the VPN clients, or perhaps the DNS A record on the DNS server being used by the VPN clients.

--
Please remember to select a correct answer and rate helpful posts

jmaxwellUSAF
VIP
VIP

‎01-05-2023 06:00 AM

When I implement the code, the newly included IP address does newly show on the anyconnnect client.

I no longer expect this is a DNS issue because the DNS is resolving to the correct IP address. Also, other users are whitelisted in the software and have successful connections.

Wireshark shows no response at all through the ASA.

I expect I am missing a NAT statement. I am investigating this.

At this point there is no need to respond to this thread. Thank you all for your effort, I do appreciate it.

0 Helpful
Customers Also Viewed These Support Documents