cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1285
Views
0
Helpful
0
Replies

AnyConnect Captive Portal Detection (http/dns redirect)

fabian.szalatnay
Beginner
Beginner

Hi there

According to the following article...

-----------------------------

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html#anc9

AnyConnect Behavior

This section describes how the AnyConnect behaves.

  1. AnyConnect tries an HTTPS probe to the Fully Qualified Domain Name (FQDN) defined in the XML profile.

  2. If there is a certificate error (not trusted/wrong FQDN), then Anyconnect tries an HTTP probe to the FQDN defined in the XML profile. If there is any other response than a HTTP 302, then it considers itself to be behind a captive portal.

-----------------------------

...AnyConnect only recognises a Captive Portal if redirected by HTTP. No word about what happens with DNS redirects.

Microsoft uses www.msftncsi.com to detect connectivity, Google does it by checking http://clients3.google.com/generate_204. All DNS checks.

So is it true, that AnyConnect Portal Detection does not work in Hotspot/Hotel Environments where just DNS redirects are used?

Thanks

0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers