MS Teams Issue on MAC with Cisco Umbrella Web Policy

I am facing an issue with MS Teams on a Mac system. After installing the Cisco AnyConnect Umbrella client and configuring the web policy, MS Teams stopped working. It asks for sign-in and does not get through. I have tried combinations with the policy, but no luck.

MAC OS - Big Sur, version 11.2.3

Anyconnect secure mobility client version -- 4.10.000093 

Anyone facing this issue??

Cisco TAC told me that this will be resolved after a new version of macOS.

2 Replies

rene_braun
Level 1

I suspect this is an issue with the split tunnel in use. This is not an issue related to the AC/SC version or the OS version. This behaviour is challenging me for now.

rene_braun
Level 1

It is definitely, in my case, NOT any kind of OS issue or AC/SC issue. Just a misconfiguration.

I've set:

  • Tunnel All Networks—All exclusions from the VPN tunnel are dynamic.

Along with the networks that have to be tunneled, and created a 'Custom attribute' list to include my FQDNs that definitely have to be tunneled.

------------------------

Source I have found:

------------------------

https://community.cisco.com/t5/security-knowledge-base/dynamic-split-tunneling-in-anyconnect-vpn/ta-p/3773878

 

  • The dynamic split tunneling exclusions address scenarios when traffic pertaining to a certain service needs to be excluded from the VPN tunnel dynamically, at run time
    • Use case when you have a public cloud service with wide range of public IPs which needs to be excluded from VPN connection such as O365 in run time and dynamically. 
  • Depending on the split tunneling policy configured, dynamic split tunneling exclusion is applied as follows:
    • Tunnel All Networks—All exclusions from the VPN tunnel are dynamic.
    • Exclude Specific Networks—Dynamic exclusions are added to preconfigured static ones.
    • Include Specific Networks—Dynamic exclusions are only relevant if at least one IP address of the excluded host names overlaps with a split include network. Otherwise, the traffic is already excluded from the VPN tunnel, and no dynamic exclusion is performed.

 

  • Configuration steps

 

Step 1

Define the custom attribute type in the WebVPN context with the following command:

    anyconnect-custom-attr dynamic-split-exclude-domains description dynamic split exclude domains

Step 2

Define the custom attribute names for each cloud/web service that needs access by the client outside the VPN tunnel. For example, add Google_domains to represent a list of DNS domain names pertaining to Google web services. The attribute value contains the list of domain names to exclude from the VPN tunnel and must be in comma-separated-values (CSV) format using the following as an example:

    anyconnect-custom-data dynamic-split-exclude-domains webex_service_domains webex.com, webexconnect.com, tags.tiqcdn.com

Step 3

Attach the previously defined custom attribute to a certain policy group with the following command, executed in the group-policy attributes context:

    anyconnect-custom dynamic-split-exclude-domains value webex_service_domains

------------------------
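
Added example (not part of the original post or the quoted Cisco article): a small Python model of the three split tunneling policies listed above, deciding whether traffic to a given host goes through the VPN tunnel. The suffix-matching rule for domains, the per-connection simplification of the Include case, and the sample hosts and IP addresses are assumptions constructed for illustration.

```python
import ipaddress

# CSV value from Step 2 of the quoted article.
EXCLUDE_CSV = "webex.com, webexconnect.com, tags.tiqcdn.com"
DOMAINS = [d.strip().lower() for d in EXCLUDE_CSV.split(",") if d.strip()]


def domain_matches(host, domains):
    """Assumed rule: a listed domain covers itself and its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def in_networks(ip, networks):
    """True if ip falls inside any of the given CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)


def is_tunneled(policy, host, ip, static_networks, dynamic_domains):
    """Return True if traffic to host/ip is sent through the VPN tunnel.

    policy: 'tunnel_all', 'exclude_specific' or 'include_specific'
    static_networks: the split-exclude or split-include list for that policy
    """
    dyn_excluded = domain_matches(host, dynamic_domains)
    if policy == "tunnel_all":
        # All exclusions are dynamic: only listed domains leave the tunnel.
        return not dyn_excluded
    if policy == "exclude_specific":
        # Dynamic exclusions are added to the preconfigured static ones.
        return not (dyn_excluded or in_networks(ip, static_networks))
    if policy == "include_specific":
        # Outside the include networks the traffic is already untunneled;
        # a dynamic exclusion only matters when the IP overlaps an include.
        return in_networks(ip, static_networks) and not dyn_excluded
    raise ValueError(f"unknown policy: {policy}")


if __name__ == "__main__":
    # Constructed samples using documentation address ranges.
    cases = [
        ("tunnel_all", "meet.webex.com", "203.0.113.10", []),
        ("exclude_specific", "intranet.example.com", "198.51.100.7",
         ["198.51.100.0/24"]),
        ("include_specific", "meet.webex.com", "192.0.2.5", ["192.0.2.0/24"]),
    ]
    for policy, host, ip, nets in cases:
        print(policy, host, ip, is_tunneled(policy, host, ip, nets, DOMAINS))
```
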