AnyConnect trusted network detection failing

Madura Malwatte
Level 4

I have AC set up with 1 trusted DNS domain and 4 trusted DNS servers in the VPN profile. It's configured to start a VPN connection upon the detection of an untrusted network. The Always-On feature is enabled. My machine is connected via Ethernet to a 4G modem, and this modem is connected wirelessly into our MPLS network. My machine is assigned a primary and secondary DNS server (2 out of the 4 in the trusted list) and the same DNS domain via DHCP; however, it decides to connect to VPN, as it thinks it's on an untrusted network.

When I look in the anyconnect.txt file in the DART bundle, I see a blank DNS domain and no DNS servers:

Date        : 05/23/2019
Time        : 10:05:54
Type        : Information
Source      : acvpnagent

Description : Function: CTND::getDataToCompareToTNDRule
File: TND.cpp
Line: 1957
Interface: 10.1.1.11, DNS Domains: 
******************************************
Date        : 05/23/2019
Time        : 10:05:54
Type        : Information
Source      : acvpnagent
Description : Function: CTND::detectNetworkType
File: TND.cpp
Line: 477
Untrusted Network detected by legacy rules (Trusted DNS Domains,Trusted DNS Severs). No probe will be sent to trusted HTTPS server if configured.
I don't see the getDataToCompareToTNDRule function called to check the DNS servers for some reason. Funnily, when I do an ipconfig /all on the machine I can see it has the correct domain and the two DNS servers. I can also reach the DNS servers and resolve addresses using the 2 DNS servers. However, it looks like AC doesn't detect the domain or DNS servers. Has anyone seen an issue like this before?

1 Reply

Madura Malwatte
Level 4

I read on another discussion someone saying that the DNS assigned by DHCP to the client needs to match exactly the DNS server list configured in the VPN profile. Is that correct? So if my DNS server list has 4 DNS IP addresses, then my client also needs to have the same 4 IP addresses assigned as DNS servers by DHCP?