Cisco Bug: CSCvu67042 - Umbrella DNS local domain bypass is not functioning with centralized data policy
Jul 15, 2020
- Cisco XE SD-WAN Routers
Known Affected Releases
Symptom: When opening URLs whose domain name is configured in the local domain list of the Umbrella security policy, the browser shows "the sites are not reachable/Unable to resolve the domain", and a packet trace shows the cEdge dropping the DNS query packet with the drop reason 'NoIPv4Route'.

Conditions: When DNS traffic is matched by a centralized data policy (not by NAT). For example, in the policy below, sequence 11 matches all DNS traffic from the service VPN:

    data-policy DATAPOLICY
     !
     vpn-list VPNLIST
      !
      sequence 11
       match
        source-data-prefix-list LAN
        dns request
       !
       action accept
       !
      sequence 21
       match
        source-data-prefix-list LAN
       !
       action accept
        nat use-vpn 0
       !
      !
      default-action drop
     !