03-10-2022 09:30 AM
Hello,
I do not manage AnyConnect in our environment but was trying to get some clarity on how the dynamic exclude works, since wildcards cannot be used. In the documentation it says to use the domain. The example they gave is pretty simple: *cisco.com is just cisco.com. That's nice, but I am wanting to exclude Microsoft domains for updates; they have 8 billion subdomains, and I don't want to just exclude Microsoft.com, that is way too much. So, my question is: does it have to be just the base domain that is excluded, or can I just have the subdomain excluded and anything containing that? Example: *.update.microsoft.com can exclude update.microsoft.com, or does it have to be microsoft.com? Same with *.dl.delivery.mp.microsoft.com. Can just dl.delivery.mp.microsoft.com be excluded so anything from that subdomain is excluded, or does it have to be microsoft.com?
03-10-2022 10:52 AM - edited 03-10-2022 11:01 AM
There are two excludes:
one for split tunnel with local LAN,
the other for split tunnel with domain; this is for DNS, not for IP reachability.
03-10-2022 10:52 AM
03-10-2022 12:03 PM
Thanks for the doc, but I don't see any info on excluding domains in it. It looks like IP addresses are being split. Microsoft IP addresses will change. I'm just wanting to confirm the subdomain can be excluded for split tunnel and not just the base domain, like the example I gave.