DNS split tunneling for Cisco Jabber implementation

BobPearson
Level 1

Hello everyone.

We are in the middle of an implementation of the Cisco Jabber soft client on remote access VPN clients, and there are certain firewall changes that need to be made to meet the requirements they have, and we are unable to see if this is currently possible to be done or not.

What we currently have is a split tunnel with specified destinations (ACL) to traverse over the tunnel; split-dns is none. Now the requirements we received are as follows:

1- These two domains are currently configured on the company DNS servers to resolve to IP A and B

2- DNS queries from the remote VPN client (Cisco Jabber) to the two domains need to use the physical interface DNS servers, not the DNS servers of the VPN adapter, and should resolve to X and Y

We were able to achieve this objective but we faced so many issues, and this is how we achieved it:
split-dns value [Listing all the domains that we need to be able to query over the tunnel, pretty huge list]
split-tunnel-all-dns disable

We still faced issues where some domains needed to be added, so we removed the two lines and stayed on the previous configuration. Is there any way to achieve the same behavior differently? In other words, to achieve the same objective but in the opposite direction, where I can only specify the domains that need to be excluded from being queried through the tunnel (VPN adapter DNS servers).

Your help will be highly appreciated as this issue has been going on for months now.

4 Replies

Dinesh Moudgil
Cisco Employee

Hi Bob,

I am afraid this is still an enhancement:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuq89328/?reffering_site=dumpcr

You might want to talk to your account rep/POC to take this up with the BU to prioritize it.

Thank you,
Dinesh Moudgil

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Hi Dinesh,

Thank you so much for sharing. I am unable to see the link details even though I am a partner. Is there a way to share at least a summary of what is requested?

Thanks.

Hi Bob,

Apparently the bug is not documented clearly but it is an enhancement to tweak split DNS functionality so that you can exclude domain names also, similar to the currently existing include option.

Thank you,
Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

Hi,

Is your Jabber excluded from the VPN tunnel or not? If it's excluded from the VPN tunnel (Expressway deployment), then it should resolve using the interface DNS servers (after failing AnyConnect VPN DNS) because the query will originate from the physical interface. The AnyConnect driver will respond with 'no such name', which will fall back to interface DNS.

See this link for better query.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116016-technote-AnyConnect-00.html#anc10

***** please remember to rate useful posts
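The two lines the original post tried (split-dns include list plus split-tunnel-all-dns disable), written out as a complete ASA group policy so the include-only behaviour the last reply describes is visible in context. This is an added example, not configuration taken from the thread; the policy, ACL, server and domain names are placeholders.

```cisco
! Added example with placeholder names; not the configuration from the thread.
! Only destinations matched by SPLIT-TUNNEL-ACL are sent through the tunnel.
access-list SPLIT-TUNNEL-ACL standard permit 10.0.0.0 255.0.0.0
!
group-policy GP-JABBER-RA internal
group-policy GP-JABBER-RA attributes
 ! DNS servers pushed to the VPN adapter (placeholder addresses)
 dns-server value 10.1.1.10 10.1.1.11
 default-domain value corp.example.com
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL-ACL
 ! Include list: a query whose name ends in one of these suffixes goes to the
 ! VPN adapter DNS servers. Any other name (for example the two Jabber
 ! domains that must resolve to X and Y) gets 'no such name' from the
 ! AnyConnect driver and falls back to the physical interface DNS servers,
 ! so this list has to name every internal domain. There is no exclude
 ! form of this command (tracked as enhancement CSCuq89328 in the thread).
 split-dns value corp.example.com internal.example.com
 ! With tunnelspecified, this keeps non-listed queries off the tunnel
 split-tunnel-all-dns disable
```

Verify from a connected client by resolving one listed and one unlisted name (for example with nslookup) and checking which server answered each.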