Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7265
Views
0
Helpful
3
Replies

Anyconnect and Binding Order (Windows 7)

Justin Schwilling
Level 1
Level 1

‎02-15-2012 12:28 PM - edited ‎02-21-2020 05:52 PM

I have an issue with the Cisco Anyconnect Secure Mobility client version 3.0.5080. Each time I connect the VPN client in Windows 7 (x86 or x64) the Anyconnect Secure Mobility Client Connection Adapter moves to the top of the Adapters and Bindings priority list. You can access this list by navigating to Network and Sharing Center --> Change Adapter Settings --> Then clicking on Advanced -->Advaced Settings... (See attached image Fig1)

If I move the Cisco adapter to the bottom of the binding priority list, it is moved back to the top when I reconnect the VPN client.  This is causing an issue with a cleint's application where something in the binding order prevents a workbook sync across the VPN with the remote server.  The Cisco adapter has to be at the lowest priority in order for the sync to work.  I attached a screenshot of the correct binding order (Fig2).  Does anyone know how to get the Cisco adapter to keep the binding order I have specified, or will it allways just move itself to the top of the priority list?

3 people had this problem
Labels:
Preview file
32 KB
Preview file
51 KB
0 Helpful
3 Replies 3

bturner
Level 1
Level 1

‎09-07-2012 10:01 AM

This appears to be a Windows 7 "Feature" where the latest network interface to make a connection is moved to the top of the binding order, as Windows assumes it has better information than the previous connection.  Otherwise why would you have connected in the first place right? 

We are having a similar issue with a client who has an application which when run binds to the NIC highest in the binding order and then uses that MAC address for licensing.

Since the app is only run by 3 devices, we are issuing PCF files and Ipsec VPN for those users as the IPsec VPN falls into windows "VPN Client Adapters" pool of nics on the binding order, and doesn't change when it connects or disconnects.

I can see why Cisco wanted Anyconnect outside that pool, so it would have a higher level of control over the PC and prevent the user from bypassing security by using a higher bound nic card if you deployed the BYOD / Mobility Solution.

There is a setting on the ASA to allow you to run a script on connect, under the anyconnect customization / script in ASDM.  Looks like a windows script file might allow you to make a change to this binding order, only issue with that is that we would have to know the UID or whatever for the device in order to create the registry key change for each user, and if they connect form another device we might well break that device by making registry changes to it.

Any comment from Cisco Employee's or Anyconnect Dev / Support team would be appreciated.

Brian S. Turner
CCIE 6145
0 Helpful

beanadmin
Level 1
Level 1
In response to bturner

‎02-23-2013 04:26 PM

We are having the same issue with Rockwell RSLinx.  All my clients I've migrated to Cisco Anyconnect have to be migrated back to the IPSEC client:-(  A fix would be appreaciated greatly.

0 Helpful

Keith Laudenberger
Level 1
Level 1

‎05-10-2013 05:59 AM

Has anyone found a solution to this problem, without administrative rights users cannot mannually re-order the network connections to work arround the issue. Also they should not have to in the first place.

CISCO provide a fix or script that fixes this.

0 Helpful
Customers Also Viewed These Support Documents