10-01-2024 01:10 PM
Hi, I tried to include more than 40 suffixes in DNS.
group-policy GRP_VPN_GUEST attributes
dns-server value X.X.X.X.
split-tunnel-policy tunnelspecified
split-dns value domain1.com domain2.com ........ .domain40.com
I am able to include all the domains in split-dns, but when I connect with AnyConnect VPN I cannot see all the domains. When I type ipconfig /all I see only up to domain15.com, for example; the other domains I cannot see.
Any clue?
10-03-2024 12:00 AM
Why do you not use a wildcard domain instead of listing each domain?
MHM
10-04-2024 01:17 AM
Thank you, but look at this scenario.
AnyConnect --> Cisco ASA --> VPN with Customers --> Sites (I need to access the page, https etc., over AnyConnect and DNS)
Example:
domain44.com (internal IP over VPN 192.168.55.10): via IP everything is OK, but it only opens if I include it in my local hosts file, otherwise it is not working (the page does not open). I can do ping, telnet on port 443, etc., but via the suffix it does not open, because I think there is some limitation on domains: I can see only 25 domain suffixes in Windows. But I already included more than 40 domain suffixes in split-dns in the Cisco ASA group. I'm not sure if it is a limitation in Windows 11 or in the AnyConnect client.
Only 25 domains when I type ipconfig /all.
10-04-2024 03:03 AM
From Cisco doc.
Use a single space to separate each entry in the list of domains. There is no limit on the number of entries, but the entire string can be no longer than 492 characters. You can use only alphanumeric characters, hyphens (-), and periods (.).
So if you use other characters or the count of characters is more than 492, then the other domains will not appear. I think this is what you are facing.
MHM
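An added example, not part of the thread or of Cisco's documentation: a Python check that applies the limits quoted above (single-space separation, 492 characters for the whole string, only alphanumerics, hyphens and periods) to the split-dns value line of a saved group-policy config. The sample suffix list is constructed, and measuring the length over the space-joined entries is an assumption about how the limit is counted.

```python
import re

MAX_LEN = 492  # limit for the whole split-dns string, as quoted from the Cisco doc
ALLOWED = re.compile(r"^[A-Za-z0-9.-]+$")  # alphanumerics, hyphens, periods
PREFIX = "split-dns value "


def check_split_dns(config_text):
    """Check every 'split-dns value' line found in an ASA group-policy config."""
    reports = []
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped.startswith(PREFIX):
            continue
        value = stripped[len(PREFIX):]
        domains = value.split()
        # Assumption: the limit applies to the entries joined by single spaces.
        joined = " ".join(domains)
        # Walk the list and stop at the first entry that no longer fits
        # completely inside the first MAX_LEN characters.
        fits, used = 0, 0
        for d in domains:
            needed = len(d) + (1 if fits else 0)
            if used + needed > MAX_LEN:
                break
            fits += 1
            used += needed
        reports.append({
            "entries": len(domains),
            "length": len(joined),
            "within_limit": len(joined) <= MAX_LEN,
            "invalid_entries": [d for d in domains if not ALLOWED.match(d)],
            "extra_spaces": value != joined,
            "beyond_limit": domains[fits:],
        })
    return reports


# Constructed sample: 40 suffixes of 18 characters each (not the poster's list).
SAMPLE = "group-policy GRP_VPN_GUEST attributes\n split-dns value " + " ".join(
    "customer%02d-vpn.com" % i for i in range(1, 41))

if __name__ == "__main__":
    for report in check_split_dns(SAMPLE):
        print(report)
```

Running it against the output of show running-config group-policy before pushing a long list shows whether the string is over 492 characters and which entries sit past that point.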