Solved: Re: Anyconnect dual ISP

eandcciscoadmin · ‎09-10-2019

Hello everyone,

I have a Cisco ASA configured with Dual ISP failover. The failover and failback after first ISP port shutdown and turning back on, works fine. I have a concern about Anyconnect connections after failover. Is there a way for ASA to disconnect all Anyconnect users after failback to main ISP automatically?

By "automatically" I mean that I don't have to intervene and kill all the connections by myslef but ASA detects that main ISP is back on line and kills all second ISP Anyconnect connections.

Thanks,

Ramin

Karsten Iwen · ‎09-10-2019

I think you could automate that with an Embedded Event Manager script.

View solution in original post

Karsten Iwen · ‎09-10-2019

When you clear the AnyConnect sessions, you also disturb your users work. I prefer in these scenarios to let the users continue their work on the secondary ISP connection and when they connect the next time they'll again use the primary connection.

All in all, it seems to me more user-friendly.

eandcciscoadmin · ‎09-10-2019

True, but our second connection (which is really our 3rd connection has bandwidth limit (1GB)) and we need to keep our monthly bandwidth for a real disaster.

Thanks

Karsten Iwen · ‎09-10-2019

I think you could automate that with an Embedded Event Manager script.

eandcciscoadmin · ‎10-17-2019

Thanks Karsten, I tied the event manager to interface status change from up to down Syslog (411002) with "noconfirm" option which immediately kills all Anyconnect connections.

Thanks for the hint.

Ramin