AnyConnect Split Tunneling issue with STUN traffic
I'm experiencing a curious behaviour with AnyConnect split-tunneling.
In my setup, split-tunneling (split-exclude) is working perfectly fine for all FQDNs and subnets defined in the split ACL except for 2 subnets linked to Google Hangouts/Meet.
Reverse routes are correctly pushed on the Windows 10 computer but traffic still goes through the VPN. In our front-end firewall we see that traffic as the 'STUN' application.
By filtering this type of traffic on our front-end firewall, we see the first packets being denied in the logs and then traffic is correctly split-tunneled at home as expected (Google Meet switches to port 443 because STUN is now blocked).
I did some reading to learn more about the STUN protocol, but to my understanding, any traffic defined in the split-exclude ACL should exit at the user's home internet connection whatever the port used.
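One way to confirm the symptom described in the post from a capture taken on the tunnel side is sketched below. It is an added example, not part of the original post: it recognises STUN by its RFC 5389 header and reports STUN packets whose destination falls inside a split-exclude subnet. The subnet, addresses, ports and payloads are constructed placeholders, since the post does not list the real ones.

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442  # fixed value in every RFC 5389 STUN header
CLASSES = ("request", "indication", "success", "error")


def parse_stun_header(payload):
    """Return the decoded STUN header as a dict, or None if payload is not STUN."""
    if len(payload) < 20:                      # header is always 20 bytes
        return None
    msg_type, length, cookie = struct.unpack("!HHI", payload[:8])
    if msg_type & 0xC000:                      # two top bits must be zero
        return None
    if cookie != MAGIC_COOKIE:
        return None
    if length % 4 or length != len(payload) - 20:
        return None                            # attributes are 4-byte aligned
    # Class bits C1/C0 are interleaved with the 12 method bits.
    cls = ((msg_type & 0x0100) >> 7) | ((msg_type & 0x0010) >> 4)
    method = ((msg_type & 0x000F) | ((msg_type & 0x00E0) >> 1)
              | ((msg_type & 0x3E00) >> 2))
    return {"class": CLASSES[cls], "method": method,
            "txid": payload[8:20].hex()}


def stun_in_excluded(packets, excluded):
    """List STUN packets seen in the tunnel that target a split-exclude subnet."""
    nets = [ipaddress.ip_network(n) for n in excluded]
    hits = []
    for dst, port, payload in packets:
        hdr = parse_stun_header(payload)
        if hdr and any(ipaddress.ip_address(dst) in n for n in nets):
            hits.append((dst, port, hdr["class"], hdr["method"]))
    return hits


# Constructed sample: (destination IP, destination port, UDP/TCP payload)
BINDING_REQUEST = struct.pack("!HHI", 0x0001, 0, MAGIC_COOKIE) + bytes(12)
SAMPLE = [
    ("203.0.113.10", 3478, BINDING_REQUEST),                 # STUN, excluded net
    ("203.0.113.10", 443, b"\x16\x03\x01\x00\x05hello" + bytes(12)),  # not STUN
    ("198.51.100.7", 3478, BINDING_REQUEST),                 # STUN, other net
]

if __name__ == "__main__":
    for hit in stun_in_excluded(SAMPLE, ["203.0.113.0/24"]):
        print(hit)
```

Any hit means a packet that the split-exclude ACL should have sent out of the home connection was observed inside the tunnel; method 1 is the STUN Binding method.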