Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5342
Views
5
Helpful
5
Replies

AnyConnect V4.7: Management VPN Tunnel

gaigl
Level 3
Level 3

‎12-10-2018 11:36 PM

Hi,

 

in the release notes of AC 4.7 there is one new feature:

"

Management VPN Tunnel—(Requires ASDM 7.10.1) Ensures connectivity to the corporate network whenever the client system is powered up, not just when a VPN connection is established by the end user.

This feature allows patch management on systems which may not come in to the office frequently. Endpoint OS login scripts requiring corporate network connectivity will also benefit from this feature."

 

has anyone tried this and can tell me how to test it?

I can't see the menue to activate (I've got all the requirements)

 

thanks

 

karl

1 person had this problem
Labels:
0 Helpful
5 Replies 5

ccubeman
Level 1
Level 1

‎12-11-2018 05:48 AM

Configuration details start on page 125 at: https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect47/administration/guide/b_AnyConnect_Administrator_Guide_4-7.pdf

 

Works pretty well.  It only uses machine certificates, so no LDAP/radius/local/client cert auth.

rmfalconer
Level 1
Level 1
In response to ccubeman

‎02-04-2019 01:12 PM

I've followed the instructions in this guide but it's not quite working. I do see my client attempt to connect prior to Windows login but the SSL sessions terminates immediately.

We use machine certs for VPN so the cert is present on the endpoint.

Is there something not included in this document that needs to be completed before the management tunnel works?

0 Helpful

tiwang
Level 3
Level 3
In response to Barrett Cowan

‎11-13-2019 01:32 AM

hi out there

If one has multiple xml-profiles avalibly - which management vpn tunnel is tied to this - will there only be one avalibly or how is this sorted out? We have 4 different regions where we have 4 different XML profiles which we manually select from - currently. 

0 Helpful

Barrett Cowan
Level 1
Level 1
In response to tiwang

‎11-13-2019 05:52 AM

The management tunnel isn't tied to any user tunnel, it just becomes active when no user tunnel is connected. Only one management tunnel can be configured at a time. 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents