Meraki Anyconnect DNS split tunnel

FedericoC
Conversationalist


Hello Community,

I have seen that when I connect with the Anyconnect client my DNS queries are routed through this network card and my default DNS set on my network card is not used.
Is there any way to make a configuration to override this behavior?
I would like only IP traffic destined for the specific subnet to go into VPN, but not the DNS queries

 

FedericoC_0-1696347956137.png

 

alemabrahao
Kind of a big deal

Have you tried changing the client routing?

 

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance#Client_Routing

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
FedericoC
Conversationalist

Hello,

I have the settings in the previous image, because I need to implement split tunnel on this client and I need to reach only the networks in 10.0.0.0/16.
With these settings, if I run a DNS test through, for example, https://browserleaks.com/dns, I see that DNS queries are made to Cisco Umbrella and I do not use the DNS I have set on my PC network card.

Do you know the possibility of completely bypassing DNS configurations as is possible on the Cisco ASA?

FedericoC
Conversationalist

Hello community,

I have escalated the request to Meraki support, who replied that SPLIT DNS functionality is not currently supported.

Below is the support response:

 

Hey Federico,

I did some digging and sadly it looks like there is no specific feature for DNS exclusion for Anyconnect like on the ASA. However, it looks like this has been requested in the past but I would recommend requesting it as a feature using the ‘Make a wish’ button in the bottom right-hand corner of the dashboard. The more people that recommend a feature, the more likely it is to get added. 

As always, let me know if you have any additional questions and I will be happy to answer them!

Best,

Network Engineer | .ılı.ılı. Cisco Meraki - Chicago .ılı.ılı.

 

Greetings,

Federico Ciampi

 

 
