01-03-2023 06:43 PM
Hello.
1. I am confident I correctly implemented a split tunnel config, so let's for now accept that as given.
2. The server BOTTOMLEVEL at BOTTOMLEVEL.middlelevel.com does not live at the natural DNS location of middlelevel.com (the URL is definitely somehow masked or redirected).
3. The URL middlelevel.com correctly resolves on the www; BUT, the URL BOTTOMLEVEL.middlelevel.com gives this symptom...
_____
Description: HTTP 404. The resource you are looking for (or one of its dependencies) could have been removed, had its name changed, or is temporarily unavailable. Requested URL:/
"How does a '404 error' come about? The typical trigger for an error 404 message is when website content has been removed or moved to another URL. There are also other reasons why an error message could appear. These include:
The URL or its content (such as files or images) was either deleted or moved (without adjusting any internal links accordingly)"
_____
Can you please explain what is going on here, and what are the steps for the solution?
Thank you!
01-04-2023 01:54 AM
Friend, since you use split-tunnel, try adding split-dns.
01-05-2023 03:59 AM - edited 01-05-2023 03:59 AM
This sounds like a DNS issue. Does BOTTOMLEVEL.middlelevel.com resolve correctly for the VPN clients? For VPN clients, should it be resolving to the public IP or private IP (i.e. should it be accessed via the internet or via the VPN)? When testing DNS, please use ping or a browser instead of nslookup.
If BOTTOMLEVEL.middlelevel.com resolves correctly, then there is most likely an issue on the BOTTOMLEVEL.middlelevel.com side of the setup. If it does not resolve correctly, then there is an issue with the DNS setup being pushed to the VPN clients, or perhaps with the DNS A record on the DNS server being used by the VPN clients.
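The check suggested in the reply above, as an added example that is not part of the original thread: it resolves a name through the operating system resolver (the path ping and a browser use) and reports, for each address, whether a split-tunnel client would send it through the VPN or out to the internet. The function names, the script name `check_split.py` and the sample networks and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
import sys

# RFC 1918 and IPv6 unique-local ranges: addresses that only work over the VPN.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def resolve_with_os(hostname):
    """Resolve via the OS resolver, the same path ping and a browser use."""
    infos = socket.getaddrinfo(hostname, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0].split("%")[0] for info in infos})


def _inside(ip, networks):
    return any(ip.version == net.version and ip in net for net in networks)


def classify(addresses, tunnel_networks):
    """Map each resolved address to the path a split-tunnel client will take."""
    tunnel = [ipaddress.ip_network(n) for n in tunnel_networks]
    report = {}
    for text in addresses:
        ip = ipaddress.ip_address(text)
        if _inside(ip, tunnel):
            report[text] = "tunnel"
        elif _inside(ip, INTERNAL):
            report[text] = "internal-but-not-tunneled"
        else:
            report[text] = "internet"
    return report


if __name__ == "__main__":
    # Usage: python check_split.py <hostname> <tunnel-cidr> [<tunnel-cidr> ...]
    # With no arguments, run on constructed sample data instead of live DNS.
    if len(sys.argv) >= 3:
        found = resolve_with_os(sys.argv[1])
        result = classify(found, sys.argv[2:])
    else:
        result = classify(["10.20.5.7", "192.168.50.4", "203.0.113.10"], ["10.20.0.0/16"])
    for address, path in result.items():
        print(f"{address}: {path}")
```

An `internal-but-not-tunneled` result means the name resolved to a private address that the split-tunnel network list does not cover, so the client has no route to it through the VPN.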
01-05-2023 06:00 AM
When I implement the code, the newly included IP address does newly show on the AnyConnect client.
I no longer expect this is a DNS issue because the DNS is resolving to the correct IP address. Also, other users are whitelisted in the software and have successful connections.
Wireshark shows no response at all through the ASA.
I expect I am missing a NAT statement. I am investigating this.
At this point there is no need to respond to this thread. Thank you all for your effort, I do appreciate it.