Forum Discussion
Split Tunnel Implemented. But, some of the traffic still going via VPN
Hi, I am new to Microsoft Teams and I am wondering why some of Microsoft Teams traffic and going straight to the internet and some are going via VPN. We use Cisco AnyConnect and has configured dynam...
Hi Andres and Ed,
Yes, we did try blocking the traffic in ASA and it forces Teams Media to go straight to Microsoft. But, in this scenario we are asking Teams to select the route instead of your network. Also, will this cause an issue as there is an unnecessary delay during the setup time. Is Teams designed to do this (routing decision) as well?
Another question: Not sure if this is relevant. Looking at the browser network activity (by pressing f12 in Edge Browser). I noticed these lines.
https://statics.teams.cdn.office.net/hashed/lazy-ng1-mod-calling-bot-service.min-409f922.js
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ringing
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ended
"statics.teams.cdn.office.net" is not included on our dynamic exclusion test as this is not on the MS Teams list. Also
pinging "statics.teams.microsoft.com" resolves to "s-0005.s-msedge.net [52.113.194.132]"
pinging "statics.teams.cdn.office.net" resolves to "s-0005.s-dc-msedge.net [52.113.195.132]"
Yes, we did try blocking the traffic in ASA and it forces Teams Media to go straight to Microsoft. But, in this scenario we are asking Teams to select the route instead of your network. Also, will this cause an issue as there is an unnecessary delay during the setup time. Is Teams designed to do this (routing decision) as well?
Another question: Not sure if this is relevant. Looking at the browser network activity (by pressing f12 in Edge Browser). I noticed these lines.
https://statics.teams.cdn.office.net/hashed/lazy-ng1-mod-calling-bot-service.min-409f922.js
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ringing
https://statics.teams.cdn.office.net/hashed/Audio/Teams_Call_Ended
"statics.teams.cdn.office.net" is not included on our dynamic exclusion test as this is not on the MS Teams list. Also
pinging "statics.teams.microsoft.com" resolves to "s-0005.s-msedge.net [52.113.194.132]"
pinging "statics.teams.cdn.office.net" resolves to "s-0005.s-dc-msedge.net [52.113.195.132]"
Teams doesn't really make a decision on where the data goes, That's DNSs job. Teams looks up the endpoint and starts sending traffic to it.
Now, if for some reason the other end doesn't respond, Teams may back down another protocol to get the data through. For instance, Media data wants to go UDP, but if it can't, it will switch to TCP and even HTTPS:.
Try using the tool at https://docs.microsoft.com/en-us/microsoft-365/enterprise/office-365-network-mac-perf-onboarding-tool?view=o365-worldwide and do this from multiple locations using multiple computers and both domain joined and non-domain joined machines with VPN on and off. I think you find it enlightening.