12-29-2021 02:08 AM
Hello,
I've lost my latest ASAv configuration. I wanted to find the split tunnel exclusions which were used. I have a recent DART diagnostics file. Do DART diagnostics contain the list of split tunnel addresses?
Thank you.
Regards,
Daniel
12-29-2021 06:50 AM - edited 12-29-2021 06:51 AM
@ziqex, under the "General Information" folder, locate the route_result file. It has a "route print" output from the client; from there you can determine the split tunnel routes. These routes have an interface that is from the RAVPN pool.
You will not find the ASA dynamic-split-exclude-domains list configuration as the output is from the client device not the ASA, but you will be able to determine what routes were in the list.
Example:
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway       Interface     Metric
0.0.0.0              0.0.0.0          2.2.2.254     2.2.2.200     271
1.1.1.5              255.255.255.255  2.2.2.254     2.2.2.200     16
2.2.2.0              255.255.255.0    On-link       2.2.2.200     271
2.2.2.200            255.255.255.255  On-link       2.2.2.200     271
2.2.2.255            255.255.255.255  On-link       2.2.2.200     271
127.0.0.0            255.0.0.0        On-link       127.0.0.1     331
127.0.0.1            255.255.255.255  On-link       127.0.0.1     331
127.255.255.255      255.255.255.255  On-link       127.0.0.1     331
192.168.10.0         255.255.255.0    192.168.14.2  192.168.14.1  2
192.168.10.5         255.255.255.255  192.168.14.2  192.168.14.1  2
192.168.11.0         255.255.255.255  192.168.14.2  192.168.14.1  2
The bottom three routes in bold are the split tunnel routes.
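The check described in the answer above can be scripted against a route_result file. This is an added example, not part of the original post or of any Cisco tooling: the function names parse_routes and vpn_routes are hypothetical, and 192.168.14.0/24 is an assumed RAVPN pool (the post shows only the interface address 192.168.14.1).

```python
import ipaddress

# Sample input: the "route print" excerpt quoted in the answer above.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 2.2.2.254 2.2.2.200 271
1.1.1.5 255.255.255.255 2.2.2.254 2.2.2.200 16
2.2.2.0 255.255.255.0 On-link 2.2.2.200 271
2.2.2.200 255.255.255.255 On-link 2.2.2.200 271
2.2.2.255 255.255.255.255 On-link 2.2.2.200 271
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.10.0 255.255.255.0 192.168.14.2 192.168.14.1 2
192.168.10.5 255.255.255.255 192.168.14.2 192.168.14.1 2
192.168.11.0 255.255.255.255 192.168.14.2 192.168.14.1 2
"""

def parse_routes(text):
    """Return (network, gateway, interface) for each IPv4 active route."""
    routes, active = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Active Routes"):
            active = True
        elif line.startswith("==="):
            active = False  # a separator line ends the section
        fields = line.split()
        if not active or len(fields) != 5:
            continue  # column header, separator or another section
        dest, mask, gateway, iface, _metric = fields
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, ipaddress.IPv4Address(iface)))
        except ValueError:
            continue  # not an IPv4 route row (for example the IPv6 table)
    return routes

def vpn_routes(text, pool):
    """Networks whose interface is in the VPN pool (On-link rows assumed to be the adapter's own subnet)."""
    pool = ipaddress.IPv4Network(pool)
    return [str(net) for net, gw, iface in parse_routes(text)
            if iface in pool and gw != "On-link"]

if __name__ == "__main__":
    print("\n".join(vpn_routes(SAMPLE, "192.168.14.0/24")))  # pool is assumed
```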
12-29-2021 06:15 AM
AFAIK you should be able to find this information inside the DART bundle. I would look specifically under General Information and/or Cisco AnyConnect Secure Mobility Client folders.
12-29-2021 06:46 AM
I've looked through those folders but cannot find any file which contains domains from dynamic-split-exclude-domains list.
Thanks,
Daniel
12-29-2021 10:00 AM
I was looking for the dynamic tunnel exclusions rather than IPs.
That's a shame that DART diagnostics does not include dynamic tunnel exclusions.
Thanks,
Daniel