Hi guys, I hope you can help. I've been spending weeks looking at this and pulling my hair out; it seems to be a fairly common issue, with nobody really saying what they did to fix it.
First of all I'm using a Meraki MX100 as the headend for the VPN Server so my options are much more limited than using an ASA.
The issue I'm having is with clients that are inside the network behind the MX hosting the AnyConnect VPN server. They are getting a warning about being behind a captive portal (they are not; it's because AnyConnect can't resolve the host because the client is inside the network hosting the VPN).
I have disabled captive portal detection and disabled it being user configurable (<DisableCaptivePortalDetection UserControllable="false">true</DisableCaptivePortalDetection>) using the VPN profile editor tool, and configured trusted network with DNS suffix and DNS servers or either (multiple profiles to test the effect).
I can see in the DART logs the following:-
VPN STATE : Disconnected
Network State: Web Authentication Required
Network control state: Network Access: Available
Network Type: Trusted.
I'm pushing the AnyConnect client with Intune, using a PowerShell script to install the MSIs and copy the Profile.xml to C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile.
This is only installed on Windows 11 Client and we are using 5.1.0.136 Anyconnect client.
After installation I can see that the option to toggle captive portal detection is still user configurable and is not ticked. If I tick it manually it disables and shows the Trusted Network symbol in the GUI.
So it seems I am missing an XML configuration or registry setting somewhere.
I have edited the following XML files that have the captive portal option.
C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile\Profile.xml
C:\ProgramData\Cisco\Cisco Secure Client\VPN\preferences_global.xml
C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\preferences.xml
C:\Users\%username%\AppData\Local\Cisco\Cisco Secure Client\VPN\preferences.xml
If I set the files to disable captive portal true then the tick box does change but the client doesn't do it.
Thanks for your help.
David
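
Added example, not part of the original post: a read-only PowerShell check that reports how each of the four XML files listed above sets DisableCaptivePortalDetection, so the deployed state can be compared file by file after the Intune install. It assumes the element may sit anywhere in each file (it matches on the local element name, ignoring XML namespaces) and that the per-user path is the profile of the account running the script.

```powershell
# Added example: audit DisableCaptivePortalDetection in the files named in the post.
# Read-only; nothing is modified. Paths are taken from the post.
$paths = @(
    'C:\ProgramData\Cisco\Cisco Secure Client\VPN\Profile\Profile.xml',
    'C:\ProgramData\Cisco\Cisco Secure Client\VPN\preferences_global.xml',
    'C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\preferences.xml',
    # Assumption: run as the logged-on user. Under the Intune SYSTEM context
    # LOCALAPPDATA points at the system profile, not the user's.
    (Join-Path $env:LOCALAPPDATA 'Cisco\Cisco Secure Client\VPN\preferences.xml')
)

$report = foreach ($path in $paths) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ File = $path; Status = 'file missing'; Value = $null; UserControllable = $null }
        continue
    }
    $doc = New-Object System.Xml.XmlDocument
    try {
        $doc.Load($path)
    } catch {
        # A malformed file (for example a bad copy during deployment) is reported, not skipped.
        [pscustomobject]@{ File = $path; Status = 'not valid XML'; Value = $null; UserControllable = $null }
        continue
    }
    # local-name() matches the element whether or not the file declares a default namespace.
    $nodes = $doc.SelectNodes("//*[local-name()='DisableCaptivePortalDetection']")
    if ($nodes.Count -eq 0) {
        [pscustomobject]@{ File = $path; Status = 'element absent'; Value = $null; UserControllable = $null }
        continue
    }
    foreach ($node in $nodes) {
        [pscustomobject]@{
            File             = $path
            Status           = 'present'
            Value            = $node.InnerText.Trim()
            UserControllable = if ($node.HasAttribute('UserControllable')) {
                                   $node.GetAttribute('UserControllable')
                               } else { '(attribute not set)' }
        }
    }
}

$report | Format-Table -AutoSize -Wrap
```

A row with Status "present" and a Value or UserControllable that differs from the other files shows which copy disagrees with the pushed profile.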