09-13-2022 03:58 AM - edited 09-13-2022 04:02 AM
Hi guys,
When the Dynamic Split Tunneling Include feature is configured to inject /32 IPs based on the DNS lookups of the FQDN, how ASA knows what was the DNS response if the lookups never traverse the tunnel?
Is there some sort of DNS sniffing on your local physical adapter DNS lookups done by my virtual AnyConnect interface to let ASA know to inject /32?
Thanks,
myky
09-30-2022 03:51 AM
bump!
09-30-2022 03:55 AM
sorry can you more elaborate ?
09-30-2022 04:27 AM
When following this link:
https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215383-asa-anyconnect-dynamic-split-tunneling.html#anc14
Let's say we use split-tunnels and want to include any domain example.com inside the tunnel.
When DNS lookup happens on the client machine, how anyconnect/asa knows which IP was resolved for 1.example.com FQDN?
DNS lookups don't traverse over the tunnel, the client uses its local internet breakout.
Thanks,
myky
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide