Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
1
Replies

Dynamic-split-include IP resolves correctly but ip/domain unreachable

glowmaster
Level 1
Level 1

‎11-29-2021 01:22 PM

Running into an issue with dynamic-split-include-domains correctly resolving the block of domain IP address but not passing traffic back to anyconnect client. The domain IP address are correctly showing up in the Secured Routes(IPv4) section but they cannot be accessed via webrowser or pinged. Static split tunnel routes are working without issue. 

Labels:
0 Helpful
1 Reply 1

Mike.Cifelli
VIP Alumni
VIP Alumni

‎12-01-2021 08:57 AM

Please provide additional information so the community can better assist.  Are you able to share screenshots of AC UI routes and any other relevant information?  Couple of things to consider:

-Have you verified that the ASA itself is not dropping packets when using those secured routes due to ACLs/bad routes?

-Is connectivity working between client and domain clients when you have no split tunneling enabled?

0 Helpful
Customers Also Viewed These Support Documents