AnyConnect: Excluding FQDN when using Full tunnel

jstickler
Level 1

I am having an issue with AnyConnect, or rather with my configuration, that I am trying to figure out how best to handle.

We have multiple site-to-site tunnels where, unfortunately, we do not have full control over the IP addresses being used. We have a site with an overlapping IP range that we cannot use. When users connect to our AnyConnect, they use the customer's DNS servers because they need access to file shares, etc., and they are configured with a full tunnel.

The problem we are encountering is that they are trying to get to a website, gis.company.com, which is externally reachable at a public address but also has to be present in their DNS, which returns a private address that is unreachable because it is not included in the site-to-site tunnel.

Internally gis.company.com points to 10.10.10.x

Externally gis.company.com points to a public IP.

What I am trying to figure out is how I make a full-tunnel AnyConnect client not resolve a specific FQDN using the customer's DNS and instead use an external DNS, or whether this is even possible. If I switch the user to a split tunnel but still use their DNS, will AnyConnect recognize that the IP is not reachable and then use external DNS?

Thanks for any assistance in advance.
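The situation described in the post, as an added worked example (not code from the original post, from Cisco, or from AnyConnect itself): a small model of split-horizon DNS against tunnel reachability. It assumes the common behaviour that a full tunnel sends every DNS query to the tunnel-side resolvers, while a split tunnel sends only the domains on a split-DNS suffix list there; the host names, addresses, resolver answers and tunnel prefixes are constructed, and 203.0.113.0/24 is the TEST-NET-3 documentation range.

```python
"""Constructed model of split-horizon DNS vs. site-to-site tunnel reachability.

All names, addresses and prefixes below are hypothetical example data.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional

# Constructed: answers from the customer's (tunnel-side, internal) resolvers.
INTERNAL_VIEW: Dict[str, str] = {
    "gis.company.com": "10.10.10.25",   # overlapping range, carried by no tunnel
    "files.company.com": "10.20.0.5",   # file server behind a site-to-site tunnel
}

# Constructed: answers from public resolvers (only the externally published name).
EXTERNAL_VIEW: Dict[str, str] = {
    "gis.company.com": "203.0.113.40",
}

# Constructed: encryption domains of the site-to-site tunnels, i.e. the only
# private prefixes a full-tunnel client can actually reach via the headend.
TUNNEL_NETWORKS: List[ipaddress.IPv4Network] = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("10.30.0.0/16"),
]

# RFC 1918 space, checked explicitly because Python's ipaddress also treats
# the documentation ranges (203.0.113.0/24 etc.) as non-global.
RFC1918: List[ipaddress.IPv4Network] = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


class Result(NamedTuple):
    view: str                # "internal" or "external": which resolver answered
    address: Optional[str]   # the answer, or None if that view has no record
    reachable: bool          # can the client get there under this model?


def matches_split_dns(name: str, split_dns_domains: List[str]) -> bool:
    """Suffix match the way a split-DNS list is normally evaluated: the name is
    the domain itself or ends with '.' + domain, so 'notcompany.com' does not
    match 'company.com'."""
    name = name.lower().rstrip(".")
    for dom in split_dns_domains:
        dom = dom.lower().rstrip(".")
        if name == dom or name.endswith("." + dom):
            return True
    return False


def choose_view(name: str, split_dns_domains: List[str], full_tunnel: bool) -> str:
    """Model: a full tunnel sends every query to the tunnel (internal) DNS;
    a split tunnel sends only split-DNS-listed domains there."""
    if full_tunnel or matches_split_dns(name, split_dns_domains):
        return "internal"
    return "external"


def is_reachable(address: str) -> bool:
    """Model: a non-RFC1918 address is reachable (directly or via the headend's
    internet path); an RFC 1918 address only if some tunnel carries it."""
    ip = ipaddress.ip_address(address)
    if not any(ip in net for net in RFC1918):
        return True
    return any(ip in net for net in TUNNEL_NETWORKS)


def audit(name: str, split_dns_domains: List[str], full_tunnel: bool) -> Result:
    """Resolve `name` through the view the policy selects and report whether
    the returned address is reachable under this model."""
    view = choose_view(name, split_dns_domains, full_tunnel)
    table = INTERNAL_VIEW if view == "internal" else EXTERNAL_VIEW
    address = table.get(name.lower().rstrip("."))
    reachable = is_reachable(address) if address else False
    return Result(view, address, reachable)


if __name__ == "__main__":
    for full in (True, False):
        for host in ("gis.company.com", "files.company.com"):
            r = audit(host, ["files.company.com"], full_tunnel=full)
            mode = "full " if full else "split"
            print(f"{mode} tunnel  {host:<18} -> {r.view:<8} {r.address}  reachable={r.reachable}")
```

Running it shows both halves of the trade-off the post is weighing: under the full tunnel, gis.company.com resolves to 10.10.10.25 and is unreachable because no tunnel carries that prefix, while files.company.com works; under a split tunnel with files.company.com on the split-DNS list, gis.company.com goes to the public resolver and becomes reachable. The model also shows the failure mode of switching to a split tunnel without a split-DNS list: an internal-only name then has no public record at all.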
