06-20-2022 04:26 AM
Hi guys,
ASA and AnyConnect are new to me.
There is a requirement to inject dynamic IP address(s) based on the DNS lookups for a specific website via the AnyConnect tunnel. What above-mentioned technics is the best for this?
Thanks,
myky
Solved! Go to Solution.
06-20-2022 07:18 AM
@Myky yes, I don't see why not - I've seen nothing to say you cannot. The example in this guide use split tunnel and dynamic split tunnel on the same group-policy.
06-20-2022 05:55 AM
06-20-2022 07:04 AM - edited 06-20-2022 07:07 AM
@Rob Ingram thanks so much for your reply. In my case, I actually want to include/inject that dynamically resolved IP to the tunnel.
Ok, so dynamic split-tunnel will do the trick then. Will it work with the conjunction of to already existing "split-tunnel-network-list" ACL:
group-policy GROUP-POLICY attributes dns-server value x.x.x.x vpn-session-timeout 720 vpn-tunnel-protocol ssl-client split-tunnel-policy tunnelspecified split-tunnel-network-list value SPLIT-TUN default-domain value ads client-bypass-protocol enable address-pools value POOL webvpn
Thanks,
myky
06-20-2022 07:18 AM
@Myky yes, I don't see why not - I've seen nothing to say you cannot. The example in this guide use split tunnel and dynamic split tunnel on the same group-policy.
06-21-2022 02:39 AM
Thanks Rob!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide