05-21-2019 09:31 AM
Hello,
Does anybody know if I can initiate AnyConnect VPN session using SRV instead of an IP address or FQDN?
Thanks in advance.
Remy
05-21-2019 09:36 AM
I do not see the use case here, and you are mapping back to FQDN or IP here?
Please explain more of the requirement.
05-21-2019 09:50 AM
Hi BB and thank you for your comments. What I need to achieve is to redirect the AnyConnect connection requests to different ports over the same public IP address based on the FQDN prefix; say ac01.domain.com would go to IP address 1.1.1.1 and port 4431, ac02.domain.com would go to 1.1.1.1:4432, and so on. For certain HTTP, HTTPS, SIP, etc. services, whether TCP or UDP, an SRV DNS record can be used, but would AnyConnect support it? I am currently doing some tests but it does not work so far.
I created an SRV record:
Name: _http._tcp.ac01.domain.com.
Priority: 10
Weight: 0
Port: 4431
Target: sslvpn1.domain.com
And then created an A record:
Name: sslvpn1.domain.com
Record: 1.1.1.1
And then I try to establish the AnyConnect session by using ac01.domain.com. Would it work this way?
Remy
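The following is an added illustration, not code from the thread or from Cisco, of how the records described above behave for two kinds of client: one that performs SRV lookups (ordering targets by priority and weight as RFC 2782 specifies) and one that only looks up A records, which is what the thread says AnyConnect does. The zone data is constructed for the example; the names under domain.com, the ports and the 1.1.1.1 / 2.2.2.2 addresses are placeholders taken from the thread, and the prod/DR and weighted pool entries are hypothetical additions to show priority and weight handling.

```python
"""Added illustration: SRV-aware resolution versus A-only resolution for the
records described in the thread. Zone data is constructed for the example."""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class SrvRecord:
    priority: int   # lower value is tried first
    weight: int     # relative share among records of equal priority
    port: int
    target: str     # owner name of an A/AAAA record, or "." for "no service"


# Constructed SRV data mirroring the thread's layout (not a real zone).
ZONE_SRV: Dict[str, List[SrvRecord]] = {
    "_http._tcp.ac01.domain.com.": [SrvRecord(10, 0, 4431, "sslvpn1.domain.com.")],
    "_http._tcp.ac02.domain.com.": [SrvRecord(10, 0, 4432, "sslvpn1.domain.com.")],
    # Hypothetical prod/DR pair: priority 20 is used only if priority 10 yields nothing.
    "_http._tcp.vpn.domain.com.": [
        SrvRecord(10, 0, 443, "prod.domain.com."),
        SrvRecord(20, 0, 443, "dr.domain.com."),
    ],
    # Hypothetical equal-priority pool: targets are drawn at random in proportion to weight.
    "_http._tcp.pool.domain.com.": [
        SrvRecord(10, 70, 4431, "sslvpn1.domain.com."),
        SrvRecord(10, 30, 4432, "sslvpn1.domain.com."),
    ],
}

# Constructed A data. As in the thread, ac01/ac02.domain.com deliberately have
# no A record; only the SRV target (sslvpn1) does.
ZONE_A: Dict[str, str] = {
    "sslvpn1.domain.com.": "1.1.1.1",
    "prod.domain.com.": "1.1.1.1",
    "dr.domain.com.": "2.2.2.2",
}


def order_rfc2782(records: List[SrvRecord], rng: random.Random) -> List[SrvRecord]:
    """Order records as RFC 2782 describes: ascending priority, and within one
    priority a weighted random draw in which weight-0 entries are listed first."""
    ordered: List[SrvRecord] = []
    for prio in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == prio), key=lambda r: r.weight)
        while group:
            total = sum(r.weight for r in group)
            pick = rng.randint(0, total)          # inclusive on both ends
            running = 0
            for i, rec in enumerate(group):
                running += rec.weight
                if running >= pick:               # first record whose running sum reaches the draw
                    ordered.append(group.pop(i))
                    break
    return ordered


def resolve_srv_aware(service: str, proto: str, name: str,
                      rng: Optional[random.Random] = None) -> List[Tuple[str, int]]:
    """Candidate (ip, port) pairs in the order an SRV-aware client would try them."""
    if rng is None:
        rng = random.Random()
    records = ZONE_SRV.get(f"_{service}._{proto}.{name.rstrip('.')}.", [])
    candidates: List[Tuple[str, int]] = []
    for rec in order_rfc2782(records, rng):
        if rec.target == ".":        # RFC 2782: service decidedly not available here
            break
        ip = ZONE_A.get(rec.target)
        if ip is not None:           # skip a dangling target rather than fail outright
            candidates.append((ip, rec.port))
    return candidates


def resolve_a_only(name: str) -> Optional[str]:
    """What a client that ignores SRV records gets for the same name."""
    return ZONE_A.get(name.rstrip('.') + ".")


if __name__ == "__main__":
    for host in ("ac01.domain.com", "ac02.domain.com", "vpn.domain.com"):
        print(host, "SRV-aware ->", resolve_srv_aware("http", "tcp", host),
              "| A-only ->", resolve_a_only(host))
```

Running it shows why the test in the thread fails: an SRV-aware client resolves ac01.domain.com to 1.1.1.1:4431 and ac02.domain.com to 1.1.1.1:4432, while an A-only lookup of ac01.domain.com returns nothing, because the only A record in that layout belongs to the SRV target. The prod/DR entry shows the failover ordering that priority gives an SRV-aware client; a client without SRV support has to get that ordering from its own configuration instead.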
10-26-2022 07:37 AM
Did you ever test this? My use case would be to have a primary and secondary AnyConnect connection (prod and DR), so if prod were unavailable it would fail over to the DR IP behind the SRV record.
10-27-2022 06:19 AM
Hello Danny,
In my question I was referring to SRV support to achieve port redirection based on the FQDN prefix. AnyConnect does not support SRV records. I think in your case it can be achieved with the AnyConnect profile that you can create on ASA ASDM, where you can specify the primary and secondary server; I think you can specify even more servers if needed. Hope that helps.
Best regards,
Remi