I am testing AnyConnect's "always on" feature. The connect failure policy is working as I expected. I thought I would others input. The Automatic VPN policy has been in place for sometime. Trusted - disconnect. Untrusted - connect
At this point, I enable Always On, Allow VPN disconnect and set the failure policy to Open. Connection failure policies - grey out.
From Cisco documentation. http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac03vpn.html#pgfId-1205144
The fail-open policy permits network connectivity. Regardless of the connect failure policy, AnyConnect continues to try to establish the VPN connection.
From the "advantage" section of the table.
Grants full network access, letting users continue to perform tasks where access to the Internet or other local network resources are needed.
I successfully disconnected and canceled my VPN session. I expected to be able to continue browsing the internet. I was not. I also expected AnyConnect to prompt me again for a username/passwd (from AnyConnect continues to try to establish the VPN connection - above).
What am I missing?