02-02-2021 05:33 AM - edited 02-02-2021 05:35 AM
We are currently on ASAv 9.14.2, and we're using Anyconnect in 'Always On'. I am trying to allow access to some hosts with VPN disconnected but it's not working. I am configuring the AnyConnect Client profile-option 'Allow access to the following hosts with VPN disconnected" in the profile editor, see encl. But no matter what I can't get it to work. I have added the ip-address of two hosts, and to make sure DNS is not the problem I also added a couple of Google DNS'servers to the list.
I have disabled split tunneling for the group policy ('Send all DNS Lookups Through Tunnel'), even tho' I don't think it matters in this case as the group policy won't be applied until the client is connected. Any ideas?
I did find this article that says it's not possible, but I think that must be for an older version of ASA;
https://community.cisco.com/t5/vpn/anyconnect-bypass-always-on-vpn/m-p/4036897#M269980
Solved! Go to Solution.
02-03-2021 09:22 AM
I managed to solve this. I took a closer look at the release notes of the latest AnyConnect-clients. In order to get the "'Allow access to the following hosts with VPN disconnected" you need at least AnyConnect version 4.9.03047, as this feature was released in this version. We where running version 4.9.0109 which didn't support this feature. So - problem solved.
02-11-2021 11:52 AM
One more thing; to see the option 'Allow access to the following hosts with VPN disconnected' in the ASDM-profile editor you need to upgrade the ASDM to 7.15(1)150.
02-03-2021 09:22 AM
I managed to solve this. I took a closer look at the release notes of the latest AnyConnect-clients. In order to get the "'Allow access to the following hosts with VPN disconnected" you need at least AnyConnect version 4.9.03047, as this feature was released in this version. We where running version 4.9.0109 which didn't support this feature. So - problem solved.
02-11-2021 11:52 AM
One more thing; to see the option 'Allow access to the following hosts with VPN disconnected' in the ASDM-profile editor you need to upgrade the ASDM to 7.15(1)150.
11-24-2024 03:27 AM
Very helpful !!Thank you for you share!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide