12-06-2017 07:24 AM
Client Environment:-
We currently use AnyConnect Client v4.5 with Cisco ASA for SSL VPN. We have Always-On and Trusted Network Detection (TND) configured on the AnyConnect client using the domain DNS name and a certificate check (URL). So Trusted Network Detection disconnects the VPN if it sees the DNS suffix “MyComapny.com” and it has the right certificate hash for a defined IP host.
We have multiple TND https:// entries to provide for resilience, i.e. https://1.1.1.1:443, https://1.1.1.2:443
The question is: if the TND certificate hash fails on the first, does it drop down to the next on the list? Or is it a case of it only dropping to the next one if the first is unavailable?
Thanks, Khalid