cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3518
Views
0
Helpful
2
Replies

AnyConnect Bypass Always On VPN

Brian Koch
Level 1
Level 1

We are in the process of deploying Azure AD SSO with the Always On VPN enabled.  The Azure authentication never completes because the Always On feature is blocking access to the internet.  Is there a way to whitelist login.microsoftonline.com within the Always On configuration?

1 Accepted Solution

Accepted Solutions

Cristian Matei
VIP Alumni
VIP Alumni

Hi,

   

    At this point, always-on VPN does not support exceptions, as it would defeat the purpose of its functionality. However, with more cloud deployments showing up, Cisco could make a change to this feature, if there is enough demand.

   Back to your problem, either stop using Always on VPN, or make the authentication happen without the user requiring Internet access; so the authentication scheme you're using needs to work so that the user provides the credentials to the ASA, within the negotiated tunnel, not outside the tunnel as this is prohibited.

 

Regards,

Cristian Matei.

View solution in original post

2 Replies 2

Octavian Szolga
Level 4
Level 4

Hi,

I don't think you'd be able to do that because always-on vpn basically drops all traffic except the vpn headend (ASA).

The user/admin guide for Anyconnect does not mention any whitelisting.

 

Best regards,

Octavian

Cristian Matei
VIP Alumni
VIP Alumni

Hi,

   

    At this point, always-on VPN does not support exceptions, as it would defeat the purpose of its functionality. However, with more cloud deployments showing up, Cisco could make a change to this feature, if there is enough demand.

   Back to your problem, either stop using Always on VPN, or make the authentication happen without the user requiring Internet access; so the authentication scheme you're using needs to work so that the user provides the credentials to the ASA, within the negotiated tunnel, not outside the tunnel as this is prohibited.

 

Regards,

Cristian Matei.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: