AnyConnect modifies hosts file?

randomjoe1
Level 1

Recently we upgraded our VPN hardware platform. Because I needed both VPNs to be up simultaneously (multiple profiles tied to respective URLs), we decided to move one profile (URL) at a time. After changing the DNS record for one of the VPN URLs, not all of the clients migrated. We still had a handful that kept connecting to the old VPN. After ruling out DNS TTL and such, we discovered the hosts files on those clients had been modified: the URL for the VPN was tied to the OLD VPN hardware. Looking at documentation and older forum posts, it says that the headend does a DNS lookup and could modify clients' hosts files. Well, doing a DNS lookup on the old appliance, it does indeed resolve the VPN URL to the new appliance's IP. I work in a HEAVY BYOD environment, so this is a massive pain for me to find the users, then instruct them how to remove hosts file entries. Could something be done on the old firewall to remove/update the hosts file entry?

Old appliance is an ASA 5550, running code asa917-23, AnyConnect version 3.1.10010 (I know it's old; the new appliance is up to date).

2 Replies

Rahul Govindan
VIP Alumni

If I recall correctly, AnyConnect modifies the host file during a connection to save the ASA's FQDN throughout the connection. Before it does that, it creates a copy of the existing host file (creates hosts.ac) so that it can revert back to this after disconnection. In your case, it looks like the revert back is failing, causing the modified host file to be saved permanently. This could be caused by Endpoint Security applications preventing host file modification in certain conditions. I do not think there is anything the ASA can do to prevent this. Since you have a BYOD environment, I can't think of a way that you can control this from your end. Is there anything common between users that have seen this issue?

That's what I thought :(.

No, there's no common thing between them; it's across various operating systems and versions. I know this because I was able to reach out to a few clients. And since it's BYOD, I honestly have no clue if they have endpoint security enabled... The corporate endpoint security we offer didn't affect AnyConnect altering hosts files. The hosts file issue only affected a very small population of our users too. It's odd.

Thanks!
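An added example, not code from this thread or from Cisco: a small audit that checks a client's hosts file for the VPN FQDN pinned to an address DNS no longer returns, and flags a leftover hosts.ac backup (the file the reply above says AnyConnect writes before editing hosts). The hosts content, the FQDN vpn.example.com and the DNS answer are constructed so it runs offline; the address set would come from a live resolver in real use.

```python
from typing import List, Set, Tuple

# Constructed sample: a hosts file left behind after an incomplete revert.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      vpn.example.com        # pinned by the VPN client at connect time
10.0.0.5        intranet.example.com   intranet
"""

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, skipping comments and blank lines.
    A line may carry several hostnames; all are lowercased for comparison."""
    pairs: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        fields = line.split()
        if len(fields) < 2:                   # blank, comment-only, or malformed
            continue
        for name in fields[1:]:
            pairs.append((fields[0], name.lower().rstrip(".")))
    return pairs

def stale_pins(hosts_text: str, fqdn: str, dns_answers: Set[str]) -> List[str]:
    """Addresses the hosts file pins `fqdn` to that are absent from the current
    DNS answer set. A non-empty result means this client bypasses DNS and will
    keep reaching whatever headend the pinned address belongs to."""
    target = fqdn.lower().rstrip(".")
    pinned = {addr for addr, name in parse_hosts(hosts_text) if name == target}
    return sorted(pinned - {a.lower() for a in dns_answers})

def audit(hosts_text: str, fqdn: str, dns_answers: Set[str],
          backup_present: bool) -> List[str]:
    """Human-readable findings for one client. `backup_present` says whether a
    hosts.ac file still sits beside hosts, i.e. the revert never completed."""
    findings = [f"{fqdn} pinned to {addr}; DNS now returns {sorted(dns_answers)}"
                for addr in stale_pins(hosts_text, fqdn, dns_answers)]
    if backup_present:
        findings.append("hosts.ac still present: post-disconnect revert did not complete")
    return findings

if __name__ == "__main__":
    # Live use would read /etc/hosts (or %SystemRoot%\System32\drivers\etc\hosts)
    # and take socket.gethostbyname_ex(fqdn)[2]; here the DNS answer is constructed.
    for line in audit(SAMPLE_HOSTS, "vpn.example.com", {"198.51.100.20"}, True):
        print(line)
```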