
Cisco Anyconnect Dynamic Split Tunnel Exclude Sub Domains

Keets
Level 1

Hello,

 

I do not manage AnyConnect in our environment but was trying to get some clarity on how the dynamic exclude works since wildcards cannot be used. In the documentation it says to use the domain. The example they gave is pretty simple: *cisco.com is just cisco.com. That's nice, but I am wanting to exclude Microsoft domains for updates; they have 8 billion subdomains, and I don't want to just exclude Microsoft.com, that is way too much. So, my question is: does it have to be just the base domain that is excluded, or can I just have the subdomain excluded and anything containing that? Example: *.update.microsoft.com can exclude update.microsoft.com, or does it have to be microsoft.com? Same with *.dl.delivery.mp.microsoft.com. Can just dl.delivery.mp.microsoft.com be excluded so anything from that subdomain is excluded, or does it have to be microsoft.com?

3 Replies

There are two excludes:
one for Split tunnel with local LAN,
the other for Split tunnel with domain; this is for DNS, not for IP reachability.

Thanks for the doc, but I don't see any info on excluding domains in it. It looks like IP addresses are being split. Microsoft IP addresses will change. I'm just wanting to confirm the subdomain can be excluded for split tunnel and not just the base domain, like the example I gave.