04-07-2020 03:25 AM
Hi all,
we run an AnyConnect configuration with split tunneling and split DNS enabled, and all works fine,
but today we got a new VoIP application, and this app won't work with an established AnyConnect connection.
But let me start by explaining our config first:
We are using split tunneling and send only the IP network in the data center to the tunnel. All other traffic is sent to the internet.
We are using the DNS domains in the tunnel: doma.com, doma.com.local and domb.local. DNS requests for these 3 domains are sent to the internal DNS server at the DC; all others go to the ISP DNS server.
Now we got a new cloud VoIP client. Without an established AC connection the client works fine, but with an established AC connection the VoIP client is unable to log in. So what I've done: I've made a packet capture with Wireshark, and what I can see is that the VPN client adds the 3 tunnel domains to the DNS requests. For example: the client normally requests xy.voipdom.com; I can see 3 requests -> xy.voipdom.com.doma.com, xy.voipdom.com.doma.com.local and xy.voipdom.com.domb.com.
With this suffix added behind the normal domain, the VPN client sends these requests to the internal DNS server, but this DNS server doesn't know the requested URLs (of course).
We've done a lot of troubleshooting, and one possible idea is to set the metric of the AnyConnect adapter much higher than the metric of the LAN/WLAN adapter. If we do this manually, everything works fine, but if we disconnect AC and reconnect, the AC adapter has a metric of 1 again...
We built a workaround with local hosts entries at the moment, but maybe someone has a better idea?
Many Thanks
M
04-08-2020 08:05 AM
Hi,
Have you configured the "default-domain" under your group-policy?
Regards,
Cristian Matei.
04-09-2020 04:49 PM
Hi,
yes, it is doma.com.local
BR