Hi out there,
We have been implementing AnyConnect (4.7) and are using the TND feature, where until now I have been testing for the primary domain suffix and a trusted server in our DC.
Previously we had been testing for the domain suffix and DNS servers. But because we have many locations, it is a bit cumbersome to maintain the DNS server, so I swapped to a trusted server instead.
But remote locations often experience that the VPN connects even though they are on a trusted network. Now I have tried to reduce it to a simple domain suffix to see if this works better for us.
What is your experience with it? What are you using as criteria for this?