07-09-2013 03:12 AM - edited 02-21-2020 07:00 PM
Hi,
We are trying to ensure that our remote access laptops cannot connect to network resources if they are on an Untrusted Network. They should only be allowed to connect to the ASA VPN.
We have all the authentication and group policies working, and can see that the policies are being sent by the ASA.
We have the following selected in the policy:
Automatic VPN Policy - Selected
Trusted Network Policy: Disconnect
Untrusted Network Policy: Connect
Trusted DNS Domains: aaaaa.local,bbbbb.local
Trusted DNS Servers: <dns1>,<dns2>,<dns3>,<dns4>,<dns5>
Always On - Selected
Allow VPN Disconnect: Selected
Connect Failure Policy: Closed
Allow Captive Portal Remediation: Unselected
Apply Last VPN Local Resource Rules: Unselected
I do have a server in the server list.
At the moment, when I connect to the Internet (Untrusted), the policy appears to work fine, in that it won't allow me to connect to any local resource, i.e. a web URL, or ping the gateway. The only thing I can do is connect to the VPN.
When, however, I connect it to our LAN (Trusted), the policy doesn't appear to detect that it is on a trusted network and won't allow me to connect to local resources.
The message history:
VPN Connecting
Contacting XXXXXX
Ready to connect.
Processing CRLS..
Connection attempt has failed
Unable to contact <fqdn>
Connection attempt has timed out. Please verify Internet connectivity
It may be necessary to connect via a proxy, which is not supported with Always On.
I assume the AnyConnect client should display a message if it has detected that it is on a Trusted network?
Any assistance?
Regards
Miron
09-12-2013 05:41 AM
Hello,
I have the same problem. AnyConnect 3.1.06xxx.
My Policy looks like:
Automatic VPN Policy - Selected
Trusted Network Policy: Disconnect
Untrusted Network Policy: Connect
Trusted DNS Domains: *.domain.local
Trusted DNS Servers:
Always On - Selected
Allow VPN Disconnect: Selected
Connect Failure Policy: Closed
Allow Captive Portal Remediation: Selected
Apply Last VPN Local Resource Rules: Unselected
If I am connected to the Trusted Network I cannot reach any resource on my network. Is there a bug? In an Untrusted Network everything looks fine.
Kind regards
Michael
09-13-2013 05:47 AM
Hello,
the problem has been solved. The Trusted DNS Domains entry was wrong. The correct syntax of the domain list is:
Trusted DNS Domains: *domain.local, domain*
Kind regards
Michael
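As an added example (my code, not from any poster in this thread and not the AnyConnect client's own logic): a small Python simulation of a trusted-network decision driven by a Trusted DNS Domains list and a Trusted DNS Servers list. It assumes the domain entries are treated as shell-style wildcard patterns matched against the adapter's DNS suffix, and that an empty server list skips the server check; the sample suffixes and IP addresses are constructed. Under those assumptions it shows why a pattern like `*.domain.local` does not match an adapter whose suffix is exactly `domain.local`, while `*domain.local` does.

```python
"""Simulation of a Trusted Network Detection (TND) decision.

Assumptions (mine, not verified against the AnyConnect client):
  * each Trusted DNS Domains entry is a glob pattern compared, case-
    insensitively, against the adapter's DNS suffix (fnmatch semantics);
  * the adapter is trusted when its suffix matches some domain pattern AND,
    if a Trusted DNS Servers list is configured, at least one of the
    adapter's DNS servers is on that list;
  * trusted -> "Disconnect", untrusted -> "Connect", mirroring the policy
    values quoted in the thread.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import List


@dataclass
class TndPolicy:
    trusted_dns_domains: List[str]
    trusted_dns_servers: List[str] = field(default_factory=list)


@dataclass
class Adapter:
    """What the client sees on the active network adapter (constructed)."""
    dns_suffix: str
    dns_servers: List[str]


def _split(entry: str) -> List[str]:
    # Policy fields are comma-separated; tolerate stray spaces.
    return [e.strip() for e in entry.split(",") if e.strip()]


def parse_policy(domains: str, servers: str = "") -> TndPolicy:
    return TndPolicy(_split(domains), _split(servers))


def domain_matches(policy: TndPolicy, suffix: str) -> bool:
    # Glob match: 'domain.local' is exact, '*domain.local' also covers
    # 'corp.domain.local', '*.domain.local' requires a dot before it.
    return any(fnmatchcase(suffix.lower(), pat.lower())
               for pat in policy.trusted_dns_domains)


def server_matches(policy: TndPolicy, servers: List[str]) -> bool:
    if not policy.trusted_dns_servers:
        return True  # assumption: no server list means no server check
    return any(s in policy.trusted_dns_servers for s in servers)


def is_trusted(policy: TndPolicy, adapter: Adapter) -> bool:
    return (domain_matches(policy, adapter.dns_suffix)
            and server_matches(policy, adapter.dns_servers))


def decide(policy: TndPolicy, adapter: Adapter) -> str:
    """Return the TND action the policy would take for this adapter."""
    return "Disconnect (trusted)" if is_trusted(policy, adapter) else "Connect (untrusted)"


if __name__ == "__main__":
    # Constructed office adapter: suffix is exactly the AD domain.
    lan = Adapter("domain.local", ["10.0.0.53"])
    original = parse_policy("*.domain.local")          # entry from the thread
    corrected = parse_policy("*domain.local, domain*")  # corrected entry
    print("original :", decide(original, lan))   # Connect (untrusted)
    print("corrected:", decide(corrected, lan))  # Disconnect (trusted)
```

Running it prints an untrusted verdict for the original pattern and a trusted one for the corrected list on the same adapter, which is the behaviour change described in the thread. The second check, a populated Trusted DNS Servers list, is what stops a home network that happens to use the same DNS suffix from being classed as trusted.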