
Anyconnect bypass always on VPN - access to hosts while disconnected

bvj197222
Level 1

We are currently on ASAv 9.14.2, and we're using AnyConnect in 'Always On'. I am trying to allow access to some hosts with VPN disconnected but it's not working. I am configuring the AnyConnect Client profile option 'Allow access to the following hosts with VPN disconnected' in the profile editor, see encl. But no matter what, I can't get it to work. I have added the IP addresses of two hosts, and to make sure DNS is not the problem I also added a couple of Google DNS servers to the list.

I have disabled split tunneling for the group policy ('Send all DNS Lookups Through Tunnel'), even though I don't think it matters in this case as the group policy won't be applied until the client is connected. Any ideas?

I did find this article that says it's not possible, but I think that must be for an older version of ASA:

https://community.cisco.com/t5/vpn/anyconnect-bypass-always-on-vpn/m-p/4036897#M269980

2 Accepted Solutions


bvj197222
Level 1

I managed to solve this. I took a closer look at the release notes of the latest AnyConnect clients. In order to get the 'Allow access to the following hosts with VPN disconnected' option you need at least AnyConnect version 4.9.03047, as this feature was released in this version. We were running version 4.9.0109, which didn't support this feature. So - problem solved.


One more thing; to see the option 'Allow access to the following hosts with VPN disconnected' in the ASDM-profile editor you need to upgrade the ASDM to 7.15(1)150. 
