06-02-2013 08:52 PM - edited 02-21-2020 06:56 PM
The company I work for uses AnyConnect to provide VPN services.
I'm wondering why AnyConnect 3.0.10055 triggers a Hosts File Access warning on Avira Anti-Virus on my Windows 7 64-bit PC? I tried turning the Avira protection off and then connecting and detected no changes to the file. AnyConnect connects fine even when Avira blocks access. Is AnyConnect opening it for write, but not writing?
On a separate note, why does AnyConnect use 6 IP addresses? What document should I read?
Thanks,
Bruce
06-06-2013 07:16 AM
Hi Bruce
As far as I understood, AC indeed modified the hosts file but just for a very short time during connection establishment.
To be more precise, after doing a DNS lookup of the head-end (ASA or router) it will rename the hosts file and create a new one that contains the result of the DNS lookup. This is to make sure that subsequent name lookups return the same IP address. When the connection is established, the original hosts file is restored.
Now, this is only important in scenarios where DNS load balancing is used, so where the DNS name you connect to potentially resolves to 2 or more different IP addresses. This could cause a problem if at different stages of the connection process we use different IP addresses, hence we store the first IP address in the hosts file.
So if you don't use VPN load balancing then you should not see any problem if the hosts file cannot be modified.
What 6 addresses are you referring to?
hth
Herbert
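One way to observe the rename-and-restore sequence described in the reply above, as an added example that is not part of the original thread and not Cisco's code: a small Python poller that tells a replaced hosts file apart from one edited in place and lists the mappings that changed. The default path is the standard Windows hosts location, and the polling interval and duration are assumptions.

```python
import os, sys, time

def parse_hosts(text):
    """Map each hostname in hosts-file text to its IP, ignoring comments."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            entries[name.lower()] = fields[0]
    return entries

def snapshot(path):
    """Return ((device, file id), entries) for the file now at path, or None."""
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            st = os.fstat(f.fileno())
            return (st.st_dev, st.st_ino), parse_hosts(f.read())
    except OSError:
        return None  # absent or unreadable at this instant

def compare(old, new):
    """Classify the change between two snapshots and list changed mappings."""
    if old is None or new is None:
        return ("missing" if new is None else "created"), {}, {}
    (old_id, old_map), (new_id, new_map) = old, new
    added = {h: ip for h, ip in new_map.items() if old_map.get(h) != ip}
    removed = {h: ip for h, ip in old_map.items() if h not in new_map}
    if old_id != new_id:
        kind = "replaced"   # a different file now holds the name (rename + create)
    elif added or removed:
        kind = "edited"     # same file, contents rewritten in place
    else:
        kind = "unchanged"
    return kind, added, removed

if __name__ == "__main__":
    # Start this, then connect the VPN client; assumed 120 s window, 50 ms poll.
    default = r"C:\Windows\System32\drivers\etc\hosts"
    path = sys.argv[1] if len(sys.argv) > 1 else default
    last, deadline = snapshot(path), time.time() + 120
    while time.time() < deadline:
        time.sleep(0.05)
        cur = snapshot(path)
        if cur != last:
            print(time.strftime("%H:%M:%S"), *compare(last, cur))
            last = cur
```

A "replaced" event that adds one mapping, followed by a second "replaced" event that removes it, matches the temporary hosts file being created and the original being restored.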
06-08-2013 03:28 AM
Thanks for the explanation. Messing with the hosts file seems like a hack, but I expect you have your reasons. I'm glad I don't have a real issue with it affecting AnyConnect operation because I want to leave it protected.
The six addresses are 6 secured-routes in the route details tab. Does it have to do with how our SA arranged things at his end?
06-08-2013 12:35 PM
bruce bruce wrote:
The six addresses are 6 secured-routes in the route details tab. Does it have to do with how our SA arranged things at his end?
I see. Yes, the secured-routes are defined by the head-end admin. All traffic destined to these addresses is encrypted and sent over the tunnel; all other traffic is not encrypted and just sent out the local interface.
This is called split-tunnel (as opposed to "tunnel-all" where all traffic is sent across the tunnel).
Herbert