Dynamic Split Tunneling in AnyConnect VPN does not like more than 2 lines

Efren · ‎09-22-2020

Folks,

I have a Split tunnel configuration that seems to have some limitation. When initially created we had an initial list of domain, which worked fine. Later in the week, I received a second list of domains

, so I added them. Worked fine. A few weeks, there was about 3 more domains that I needed to add, so I added them on a 3rd line. Those do not seem to work.

anyconnect-custom-data dynamic-split-include-domains included-domains <Initial list of domains>

anyconnect-custom-data dynamic-split-include-domains included-domains <2nd list of domains>

anyconnect-custom-data dynamic-split-include-domains included-domains <3rd list of domains> ***Not Working***

After breaking my head for a while, I went ahead and tried combining line 2 an 3, and voila, it worked. The only caveat is by doing this, the list needs to be un-applied, destroyed (all lines), re-created, then re-applied. Which in an active VPN configuration can be quite challenging.

anyconnect-custom-data dynamic-split-include-domains included-domains <Initial list of domains>

anyconnect-custom-data dynamic-split-include-domains included-domains <2nd and 3rd list of domains>

Please let me know if anyone has run into this. It is a workaround, but seems more like an annoying bug. I am on asa964-23 5525x.

-Efren