Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1741
Views
0
Helpful
0
Replies

AnyConnect Captive Portal Detection (http/dns redirect)

fabian.szalatnay
Level 1
Level 1

‎11-05-2015 05:03 AM - edited ‎02-21-2020 08:32 PM

Hi there

According to the following article...

-----------------------------

http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/118086-technote-anyconnect-00.html#anc9

AnyConnect Behavior

This section describes how the AnyConnect behaves.

  1. AnyConnect tries an HTTPS probe to the Fully Qualified Domain Name (FQDN) defined in the XML profile.

  2. If there is a certificate error (not trusted/wrong FQDN), then Anyconnect tries an HTTP probe to the FQDN defined in the XML profile. If there is any other response than a HTTP 302, then it considers itself to be behind a captive portal.

-----------------------------

...AnyConnect only recognises a Captive Portal if redirected by HTTP. No word about what happens with DNS redirects.

Microsoft uses www.msftncsi.com to detect connectivity, Google does it by checking http://clients3.google.com/generate_204. All DNS checks.

So is it true, that AnyConnect Portal Detection does not work in Hotspot/Hotel Environments where just DNS redirects are used?

Thanks

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents