Re: AnyConnect impacting traffic routes even when not connected?

jamicahermes · ‎01-28-2024

we support multiple clients. Each having different VPNs. We are seeing this behaviour in our organization where even when Cisco AnyConnect is "not connected", but just sitting idle in the taskbar, the traffic starts showing up a different outbound IP (Singapore).

Has anyone seen this abnoxious behaviour?

And it's mostly showing up on Microsoft Sign-in activity and is driving our client's "Security" team nuts because as per their logs, we are accessing from "unauthorized" IPs.

https://vlc.onl/

balaji.bandi · ‎01-28-2024

Its all depends on the deployment of AnyConnect.

is this outgoing traffic on all devices ? - investigate what traffic is this ? IP address belong to whom ?

we are accessing from "unauthorized" IPs.

This is not clear - the Traffic coming in to the devices or in to your network when the user in Camus Lan or user working from home ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Rob Ingram · ‎01-28-2024

@jamicahermes what AnyConnect modules do you have installed other than the VPN? If you have the AnyConnect Umbrella Roaming Security module the web traffic could be redirected to the Umbrella web proxies and egress from the Umbrella data centers.

Marius Gunnerud · ‎01-28-2024

when the issue is happening do you see the users connected to AnyConnect on the VPN headend?

Is this affecting all users at the client or a select few? Perhaps they have IP anonymizer installed on their PC?

--
Please remember to select a correct answer and rate helpful posts