Showing results for 
Search instead for 
Did you mean: 

Anyconnect & Win10 Metered Connections

Level 3
Level 3

Hello all. I can see there is a bug id CSCve11497 which references Anyconnect  4.4 in relation to 

"Anyconnect should allow connection to be set as metered on Windows 10" . My customer has 4.6


The workaround suggests Split-Tunnel or Disable Automatic Windows Updates


My customer is unable to disable windows updates or employ split tunneling, consequently his remote users, of which there are many now now as homeworkers due to the Covid crisis are having to download ALL windows updates often using up expensive 4G bandwidth.


Can anyone tell me when Cisco aim to resolve this matter & have a fix for this bug or suggest another workaround?

2 Replies 2

That bug ID is upto date as of Apr 2020 and has no resolution, you should probably either raise a TAC request or go via your Cisco Partner to request an update.

As far as a workaround is concerned, you could apply either an ACL, DACL or VPN Filter and deny client communication with the Windows Update servers and permit all other traffic.


Level 1
Level 1

Windows 10 (1709) and old, use legacy Network Media Costs to set a connection to Metered.  Modern OS Architecture Windows 10 (1803) and newer, use the updated methods for controlling Metered connections per ethernet connection.

Before Windows 10 1709:

Metered Connections for Ethernet are controlled under the below registry path as a Whole.  Meaning, if one connection is metered, the VPN client respects that metered connection and anything that Pauses on Metered Connections, will correctly Pause once connected to the Cisco VPN.  Because of this shared location for controlling this metered setting.

Computer\HKey_Local_Machine\Software\Microsoft\Windows NT\CurrentVersion\NetworkList\DefaultMediaCost

After windows 10 1709

Each Network adapter will have it's own Key under the blow path named after the GUID of each Respective Adapter, which means this configuration can be independent for each ethernet connection

Path: Computer\HKey_Local_Machine\Software\Microsoft\DusmSvc\Profiles\{ProfileGUID}\*


What this means and what is the underlying issue,  the Cisco AnyConnect VPN client does not recognize the new Media Cost locations of Modern OS's and is still 6 years later, relying on the DefaultMediaCost.  The "Ethernet 2" Cisco AnyConnect Adapter, does not even create a registry entry in this new location Computer\HKey_Local_Machine\Software\Microsoft\DusmSvc\Profiles\{ProfileGUID}\* used by Modern OS's and is exactly why the Cisco AnyConnect Adapter is no longer respecting the wireless networks Metered Connection status.

Again, the main reason this worked was because prior to windows 10 1803, all connections shared one location for Metered Connections and the VPN Client was using that location to meter the VPN as well.  If you connected to a metered connect in the Legacy OS, all connections were metered including Cisco. 

Cisco has failed to keep up with Modern OS Architecture on their VPN client.  3 years later, this still has not been resolved by the original poster.  My additional case reporting this as a bug has resulted in a "Feature" Enhancement Request.....  Which this is not.  It previously worked.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: