
AnyConnect and Akamai ETP Client

nplusplus
Level 1

Hello, All,

I sincerely hope you, and your families, and your co-workers are all well. I am sure we are also all neck deep in VPN stuff ATM.

Has anyone had any experience running AnyConnect and the Akamai ETP client (think Umbrella competitor) together? In our case, if a user has both, they do not work together. That is to say, when they start up AnyConnect and connect to our VPN, they lose reachability to anything except the VPN headend. If the user disables the ETP client, then everything starts to flow again. I have not delved deeply into troubleshooting except to make sure that the ETP services were reachable through the VPN and disabling "tunnel-all-dns". Neither of those seems to have fixed it. I intend to test with more configuration tweaks, but just thought I would drop this here in case anyone has seen and fixed this problem.

FWIW, we are running full tunnel everything, and this ETP thing is new and is only causing problems for our limited set of ETP trial users on Windows. Mac OS apparently works just fine. I just now received a copy of the ETP client and some access to control the ETP client settings, so at least I can proceed with more thorough testing.

I feel like it could have something to do with the way AC handles DNS traffic differently.

Thank you for anything you've got, in particular, your time.

Regards,

Nathan

1 Reply

Cristian Matei
VIP Alumni

Hi,

AnyConnect works with Umbrella (which works), which behaves similarly to Akamai ETP, from the DNS point of view.

1. I understand you run full-tunnel AnyConnect? Disable "tunnel-all-dns".

2. When both AnyConnect and ETP are active, can you reach anything through the VPN by IP address, not by name? Because it may be a DNS issue: as the ETP client gets installed, all DNS queries go to the local loopback of 127.0.0.1 in order to be intercepted by the ETP client. You should configure your internal domains in the ETP client, so that resolution for these domains will bypass the ETP client: https://learn.akamai.com/en-us/webhelp/enterprise-threat-protector/enterprise-threat-protector/GUID-778840B3-82D0-4BFB-A091-91AFFE48BA48.html

Regards,

Cristian Matei.
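
The "by IP address, not by name" check from the reply above, written out as a PowerShell diagnostic for an affected Windows client. This is an added example, not part of either post and not Cisco or Akamai code; `$InternalName`, `$InternalIp` and `$InternalPort` are placeholder assumptions to be replaced with a host that is reachable only through the VPN.

```powershell
# Added diagnostic: separates "the tunnel is not passing traffic" from "DNS is not
# resolving" while AnyConnect and the ETP client are both active.
# Placeholders (assumptions, not values from the thread):
$InternalName = 'intranet.corp.example'
$InternalIp   = '10.0.0.10'
$InternalPort = 443

function Test-NameResolves {
    param([string]$Name, [string]$Server)
    $query = @{ Name = $Name; Type = 'A'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }   # without -Server the system resolver path is used
    try { [bool](Resolve-DnsName @query) } catch { $false }
}

# 1. Resolvers configured per interface. Per the reply, the ETP client points DNS at 127.0.0.1.
$dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses })
$dns | Format-Table InterfaceAlias, ServerAddresses -AutoSize | Out-Host
$usesLoopback = [bool]($dns | Where-Object { $_.ServerAddresses -contains '127.0.0.1' })

# 2. Reachability through the VPN by IP address only (no DNS involved).
$byIp = (Test-NetConnection -ComputerName $InternalIp -Port $InternalPort `
         -WarningAction SilentlyContinue).TcpTestSucceeded

# 3. Resolution of the internal name through the normal system resolver path.
$byName = Test-NameResolves -Name $InternalName

# 4. The same query sent straight to each configured non-loopback resolver.
$direct = $dns | ForEach-Object { $_.ServerAddresses } |
          Where-Object { $_ -ne '127.0.0.1' } | Select-Object -Unique
$directResults = foreach ($server in $direct) {
    [pscustomobject]@{ Server   = $server
                       Resolved = Test-NameResolves -Name $InternalName -Server $server }
}
$directResults | Format-Table -AutoSize | Out-Host

[pscustomobject]@{
    DnsPointsAtLoopback = $usesLoopback
    ReachableByIp       = $byIp
    ResolvesByName      = $byName
} | Format-List | Out-Host

if ($byIp -and -not $byName) {
    'Reachable by IP but the name does not resolve: a DNS problem, as the reply suspects.'
} elseif (-not $byIp) {
    'Not reachable even by IP: the problem is not limited to name resolution.'
} else {
    'IP and name both work for this host; repeat the test with a failing destination.'
}
```

Running it once with the ETP client enabled and once with it disabled gives a side-by-side record to attach to a support case.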