AnyConnect impacting traffic routes even when not connected?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2024
12:07 AM
- last edited on
01-28-2024
04:01 AM
by
rupeshah
we support multiple clients. Each having different VPNs. We are seeing this behaviour in our organization where even when Cisco AnyConnect is "not connected", but just sitting idle in the taskbar, the traffic starts showing up a different outbound IP (Singapore).
Has anyone seen this abnoxious behaviour?
And it's mostly showing up on Microsoft Sign-in activity and is driving our client's "Security" team nuts because as per their logs, we are accessing from "unauthorized" IPs.
- Labels:
-
Other VPN Topics
-
VPN
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2024 12:30 AM
Its all depends on the deployment of AnyConnect.
is this outgoing traffic on all devices ? - investigate what traffic is this ? IP address belong to whom ?
we are accessing from "unauthorized" IPs.
This is not clear - the Traffic coming in to the devices or in to your network when the user in Camus Lan or user working from home ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2024 06:40 AM
@jamicahermes what AnyConnect modules do you have installed other than the VPN? If you have the AnyConnect Umbrella Roaming Security module the web traffic could be redirected to the Umbrella web proxies and egress from the Umbrella data centers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-28-2024 09:47 AM
when the issue is happening do you see the users connected to AnyConnect on the VPN headend?
Is this affecting all users at the client or a select few? Perhaps they have IP anonymizer installed on their PC?
Please remember to select a correct answer and rate helpful posts
