Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1854
Views
0
Helpful
5
Replies

AnyConnect Secure Mobility Cliet - no local LAN/Internet while not connected to VPN

toxikas
Level 1
Level 1

‎10-10-2017 01:25 AM - edited ‎03-12-2019 04:36 AM

Hi ALL,

 

installed Cisco AnyConnect Secure Mobility Cliet Version 4.2.04018, succesfuly connected to VPN, can acces local/remote LANS and internet. but when I disconnect from VPN there is no LAN/internet

 

Pinging 192.168.5.15 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.

 

after manually stopping Cisco AnyConnect Secure Mobility Agent service LAN and internet comes back. this happens both on win7/10 machines.

 

cheers,

ks

Labels:
0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-10-2017 08:49 AM

I don't see a specific bugID related to your issue but Cisco recommends migrating off of any pre-4.4 release.

Do you have the ability to upgrade to a current AnyConnect like 4.5.02033 or 4.4.04030?

 

 

0 Helpful

toxikas
Level 1
Level 1
In response to Marvin Rhoads

‎10-16-2017 08:59 PM

upgraded to AnyConnect 4.5.02033 - same behaviour

 

cheers

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to toxikas

‎10-16-2017 09:31 PM

Do you have any other VPN clients installed on your computers? If so can you try disabling them?

 

If you have TAC support you can also open a case and generate a DART troubleshooting package for them to analyze.

0 Helpful

toxikas
Level 1
Level 1
In response to Marvin Rhoads

‎10-23-2017 10:24 PM

hi,

 

looks like feature :)

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-vpn.html#topic_BD02A53E0A714E23A56850698C830A6C :

About Always-On VPN:

The following AnyConnect options also need to be considered when enabling Always-On:

Allowing the user to Disconnect the Always-On VPN session: AnyConnect provides the ability for the user to disconnect Always-On VPN sessions. If you enable Allow VPN Disconnect, AnyConnect displays a Disconnect button upon the establishment of a VPN session. By default, the profile editor enables the Disconnect button when you enableAlways-On VPN.

 

Pressing the Disconnect button locks all interfaces to prevent data from leaking out and to protect the computer from internet access except for establishing a VPN session. Users of Always-On VPN sessions may want to click Disconnect so they can choose an alternative secure gateway due to performance issues with the current VPN session, or reconnection issues following the interruption of a VPN session.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to toxikas

‎10-23-2017 11:19 PM

Ah OK - you didn't mention earlier that you were setup for Always-On VPN. That's a relatively uncommon configuration so we don't usually ask about it straight away.

 

Thanks for letting us know the root cause.

0 Helpful
Customers Also Viewed These Support Documents