Anyconnect and Trusted Network Detection

m.duplessis
Level 1

Hi,

We are trying to ensure that our remote access laptops cannot connect to network resources if they are on an Untrusted Network. They should only be allowed to connect to the ASA VPN.

We have all the authentication and group policies working, and can see that the policies are being sent by the ASA.

We have the following selected in the policy:

Automatic VPN Policy - Selected

     Trusted Network Policy: Disconnect

     Untrusted Network Policy: Connect

     Trusted DNS Domains: aaaaa.local,bbbbb.local

     Trusted DNS Servers: <dns1>,<dns2>,<dns3>,<dns4>,<dns5>

Always On - Selected

     Allow VPN Disconnect: Selected

     Connect Failure Policy: Closed

          Allow Captive Portal Remediation: Unselected

          Apply Last VPN Local Resource Rules: Unselected

I do have a server in the server list.

At the moment when I connect to the Internet (Untrusted) the policy appears to work fine, in that it won't allow me to connect to any local resource, i.e. a web URL, or ping the gateway. The only thing I can do is connect to the VPN.

When however I connect it to our LAN (Trusted) the policy doesn't appear to detect that it is on a trusted network and won't allow me to connect to local resources.

The message history:

VPN Connecting

Contacting XXXXXX

Ready to connect.

Processing CRLS..

Connection attempt has failed

Unable to contact <fqdn>

Connection attempt has timed out. Please verify Internet connectivity

It may be necessary to connect via a proxy, which is not supported with Always On.

I assume the AnyConnect client should display a message if it has detected that it is on a Trusted network?

Any assistance?

Regards

Miron

2 Replies

Michael Wollner
Level 1

Hello,

I have the same problem. AnyConnect 3.1.06xxx.

My Policy looks like:

Automatic VPN Policy - Selected

     Trusted Network Policy: Disconnect

     Untrusted Network Policy: Connect

     Trusted DNS Domains: *.domain.local

     Trusted DNS Servers: ,

Always On - Selected

     Allow VPN Disconnect: Selected

     Connect Failure Policy: Closed

          Allow Captive Portal Remediation: Selected

          Apply Last VPN Local Resource Rules: Unselected

If I connect to the Trusted Network I cannot reach any resource on my network. Is there a bug? In an Untrusted Network everything looks fine.

Regards

Michael

Hello,

The problem has been solved. The Trusted DNS Domains entry was wrong. The correct syntax for the domain list is:

     Trusted DNS Domains: *domain.local, domain*

Regards

Michael
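The fix in the reply above comes down to how each Trusted DNS Domains entry is matched against the DNS suffix the client sees on its adapter. The following added example (not Cisco's code and not from this thread) models that decision so a profile can be sanity-checked offline before rollout. It assumes each entry is treated as a shell-style wildcard pattern against the adapter's DNS suffix, and that a non-empty Trusted DNS Servers list must also contain one of the adapter's DNS servers; both are simplifying assumptions for illustration, not the documented client logic.

```python
from __future__ import annotations
import fnmatch
from dataclasses import dataclass, field


@dataclass
class NetworkProbe:
    """What the client observes on its active adapter (constructed sample data)."""
    dns_suffix: str
    dns_servers: list[str] = field(default_factory=list)


def _split_list(value: str) -> list[str]:
    """Parse a comma-separated profile field, dropping blanks (e.g. the ',' placeholder)."""
    return [item.strip() for item in value.split(",") if item.strip()]


def domain_matches(trusted_pattern: str, dns_suffix: str) -> bool:
    """Assumption: one Trusted DNS Domains entry is a case-insensitive glob.
    '*' matches any run of characters, '.' is literal, so '*.domain.local'
    matches 'corp.domain.local' but NOT the bare suffix 'domain.local'."""
    return fnmatch.fnmatchcase(dns_suffix.lower(), trusted_pattern.strip().lower())


def matching_domains(trusted_domains: str, probe: NetworkProbe) -> list[str]:
    """Return the configured entries that match the adapter's DNS suffix."""
    return [d for d in _split_list(trusted_domains) if domain_matches(d, probe.dns_suffix)]


def is_trusted_network(trusted_domains: str, trusted_servers: str, probe: NetworkProbe) -> bool:
    """Model of the TND decision (assumption: both configured criteria must hold).
    An empty Trusted DNS Servers field, as in the reply's ',' entry, is ignored."""
    domain_ok = bool(matching_domains(trusted_domains, probe))
    servers = set(_split_list(trusted_servers))
    server_ok = not servers or any(s in servers for s in probe.dns_servers)
    return domain_ok and server_ok


if __name__ == "__main__":
    # Constructed probe: a laptop on the LAN whose adapter suffix is exactly 'domain.local'.
    lan = NetworkProbe("domain.local", ["192.0.2.10"])
    print("original entry  :", is_trusted_network("*.domain.local", ",", lan))      # False
    print("corrected entry :", is_trusted_network("*domain.local, domain*", ",", lan))  # True
```

Running it against the original and corrected entries from the reply shows the original pattern never matching the bare suffix, which is the symptom both posters describe (client stays in the Untrusted/Connect state on the LAN).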
