On August 11, 2023, Cisco announced that Cisco SecureX will go end-of-life on July 31, 2024. The content in this Github repository will not be actively maintained following this announcement.

Microsoft Online Split Tunnel

Workflow #0003

Microsoft provides a JSON-formatted feed of their networks and domains for their various cloud services. This workflow demonstrates fetching that JSON, converting it into split-tunneling commands for Cisco Adaptive Security Appliance (ASA), and then executing those commands on an ASA.

Overview GitHub


Change Log

Date Notes
Nov 24, 2020 - Initial release
Aug 31, 2022 - Minor updates to naming and descriptions

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • None
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed at the bottom of the page
  • Cisco Adaptive Security Appliance (ASA)

Workflow Steps

  1. Fetch the online services information JSON from Microsoft
  2. Use Python to parse the JSON into ASA commands
  3. SSH to an Adaptive Security Appliance and execute the commands

Configuration

  • Go to Microsoft’s website to get the URL for the worldwide endpoint JSON. Click the link on the second bullet to https://endpoints.office.com/endpoints/worldwide and copy the URL into the Microsoft Endpoints URL local variable in the workflow
  • (Optional) Change the name of the objects created by the workflow in the AnyConnect Exclude Domain Group Name and/or Network Object Group Name local variables
  • (Optional) Modify the commands generated in the Get and parse JSON from Microsoft and/or Execute commands on ASA activities

Targets

Target Name Type Details Account Keys Notes
(varies) Terminal Endpoint Configured for your ASA Account key for your ASA This target is provided to the workflow when you run it

Account Keys

Account Key Name Type Details Notes
(varies) Terminal Key-Based Credentials
OR
Terminal Password-Based Credentials
Depends on target type