07-11-2023 03:56 AM
Hi, I have the AnyConnect management tunnel feature configured on FMC/FTD, which is working as expected:
- Mgmt tunnel establishes before the user logs in to Windows
- After Windows login, mgmt tunnel remains up, but disconnects when the user tunnel is established
Is there a way to only have the mgmt tunnel establish before the user logs into Windows i.e. once the user logs into Windows the mgmt tunnel won't establish, even if the user tunnel is not connected?
Thanks
07-11-2023 12:49 PM
I think you can achieve that by relying on TND (Trusted Network Detection), but that would only work when the clients are on the corporate network. However, if you are trying to do that for users located outside the corporate network, then I don't believe that is possible.
07-11-2023 05:32 PM
Yeah, what Aref said: the definition of the management tunnel is to stay active as long as there is no user tunnel. We can't have a management tunnel before the user logs in and then no management tunnel after the user logs in.
07-12-2023 01:07 AM
I thought that would be the case, but just wanted to double check that my understanding was correct and I wasn't missing anything.
I appreciate you both taking the time to reply.
Thanks