Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
795
Views
10
Helpful
5
Replies

Using same URL name for Anyconnect clients but redirecting Anyconnect connection to VPN ASA closer to client

JuanLarriega8826
Level 1
Level 1

‎09-06-2019 10:32 AM

Hello All;

 

We have different VPN URLs names depending on the region where the client is located and I like to know if you have a recommendation to use one VPN URL name (ex. myvpn.Company.com) but redirecting the VPN connection to a VPN ASA close to the Anyconnect client.

 

Thanks;

 

Juan

Labels:
0 Helpful
5 Replies 5

Josue Brenes
Cisco Employee
Cisco Employee

‎09-07-2019 05:58 PM

Hi Juan,

Maybe you could use something like optimal gateway selection(OGS).

OGS is a feature that can be used in order to determine which gateway has the lowest Round Trip Time (RTT) and connect to that gateway. One can use the OGS feature in order to minimize latency for Internet traffic without user intervention.

You can have one URL with some backup URL’s for the OGS process.

Links for reference:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116721-technote-ogs-00.html

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/anyconnect-profile-editor.html

 

Rate if it helps.

Regards,

Josue Brenes

TAC - VPN Engineer.

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Josue Brenes

‎09-08-2019 08:06 PM

I concur with @Josue Brenes - OGS is the way to go to solve this requirement.

0 Helpful

JuanLarriega8826
Level 1
Level 1
In response to Josue Brenes

‎09-09-2019 09:32 AM

Hello Josue;

 

Thank you for providing the information about OGS, reading the URL link it sounds that OGS caches the information for 14 days, we have people at our company that travels across different countries and I don't know how this cache will work for them. Has you had any experience with this implementation at other sites? I want to be careful before I implement something that it will be more troublesome than the actual fix.

 

Thanks again;

 

Juan

0 Helpful

stsargen
Cisco Employee
Cisco Employee
In response to JuanLarriega8826

‎09-09-2019 10:47 AM

Hi Jaun,

 

We have many customers who have the same issue you are concerned with.  With OGS you will have all of your traveling employees opening IT cases stating that they are connecting to headends that are potentially across the globe.  I would reccomend using a true geographic based load balancer instead of OGS in AnyConnect. 

 

Thanks,

Steve S. 

JuanLarriega8826
Level 1
Level 1
In response to stsargen

‎11-07-2019 01:45 PM

Thank you Steve

0 Helpful
Customers Also Viewed These Support Documents