
Anyconnect Internet

jpdeboer1
Level 1

Hi,

We have anyconnect running for remote users, anyconnect is configured to tunnel all traffic. Users have internet access over VPN. This anyconnect is only used to give the users secure access to the internet.

Now we would like to only allow internet access when they have VPN connection, so whenever VPN tunnel is down, internet access should be blocked. I know that certain providers have a kill-switch option, this will block internet access when VPN is down.

I would like to do the same with cisco anyconnect, does anyone of you guys know a way to block internet access when anyconnect VPN is down?

Thanks in advance!!

Br,

JP

3 Replies

Marvin Rhoads
Hall of Fame

I don't think you can do that. AnyConnect VPN can only enforce policy when it is connected. Even AnyConnect Network Access Module (NAM) doesn't have that ability as far as I know.

You can restrict access with Umbrella but not block Internet altogether.

Marvin is right, there is no setting to block internet access when you disconnect from VPN. But you could use the AlwaysOn and Trusted network detection feature of Anyconnect. This automatically connects to VPN headend when on an untrusted network. If for some reason, the VPN is not established, you can set a closed policy so as to prevent all other network communication till VPN is established. Reference:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-vpn.html#topic_B7594DE16F3A476899D088DA760A34AB

"A closed policy disables all network connectivity until the VPN session is established. AnyConnect does this by enabling packet filters that block all traffic from the endpoint that is not bound for a secure gateway to which the computer is allowed to connect."

Might not be exactly what you are looking for, but may be something you can look into. 
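
An added example, not part of the original replies and not Cisco's code: a Python check that a client profile XML has the Always-On, Trusted Network Detection and closed connect-failure policy combination described in the reply above. The namespace and element names are assumptions based on the AnyConnect client profile format and should be verified against a profile exported from your own profile editor; the sample profile is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}  # assumed profile namespace
POLICY = "ac:AutomaticVPNPolicy"

# Constructed sample profile (not from the thread); element names are assumptions.
SAMPLE_CLOSED = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
 <ClientInitialization>
  <AutomaticVPNPolicy>true
   <TrustedDNSDomains>corp.example</TrustedDNSDomains>
   <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
   <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
   <AlwaysOn>true
    <ConnectFailurePolicy>Closed</ConnectFailurePolicy>
    <AllowVPNDisconnect>false</AllowVPNDisconnect>
   </AlwaysOn>
  </AutomaticVPNPolicy>
 </ClientInitialization>
</AnyConnectProfile>"""


def _value(node, path):
    """Lower-cased leading text of an element (these tags mix a value with children)."""
    el = node.find(path, NS) if node is not None else None
    return (el.text or "").strip().lower() if el is not None else ""


def audit_profile(xml_text):
    """Return findings; an empty list means Always-On is set to fail closed."""
    ci = ET.fromstring(xml_text).find("ac:ClientInitialization", NS)
    checks = [
        (POLICY, "true", "Trusted Network Detection (AutomaticVPNPolicy) is not enabled"),
        (POLICY + "/ac:UntrustedNetworkPolicy", "connect",
         "client does not auto-connect on untrusted networks"),
        (POLICY + "/ac:AlwaysOn", "true", "AlwaysOn is not enabled"),
        (POLICY + "/ac:AlwaysOn/ac:ConnectFailurePolicy", "closed",
         "ConnectFailurePolicy is not Closed: traffic is allowed while the VPN is down"),
        (POLICY + "/ac:AlwaysOn/ac:AllowVPNDisconnect", "false",
         "users can disconnect the VPN and leave the tunnel"),
    ]
    return [msg for path, want, msg in checks if _value(ci, path) != want]


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_CLOSED.replace("Closed", "Open")):
        print("FINDING:", finding)
```

A missing element is reported the same way as a wrong value, so the check is conservative about profiles that rely on defaults.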

Marvin, Rahul, Thank you both for your time and replies on this question!!

That closed policy looks promising and something we are looking for. Users are not allowed to connect to the internet whenever VPN is down, so that can happen with a closed policy.

I will read more on this, to see what best practice setup would be to accomplish this and will also run some tests.

I'll let you know if I have more questions about this!

Thanks again!