
AnyConnect VPN Fail connection closed / captive portal question

dongill
Level 1

Hi,

 

I am evaluating AnyConnect v4.7 VPN for an always-on / remote access solution and the various security controls.

 

From the documentation, it is not clear how "Connection Failed closed" mode with captive portal remediation functions in the network stack to deny access to web resources beyond a captive portal login page.

 

I need to understand this from a client security perspective.

 

From testing, when the feature is enabled and the client is behind a captive portal...

1. It is possible to navigate to the captive portal

2. Once logged into a captive portal, if I cancel/disconnect the VPN connection, it is not possible to browse the web via browser (browser shows unable to resolve IP).

3. It is possible to do DNS lookups via command line when in this state.

 

For Points 1 & 2, can anyone provide info on how this works?

- Does AnyConnect track captive portal URL/IP/Packet TTL to only permit access to the captive portal page (and ASA VPN gateway IP)?

 

For Point 3 - does AnyConnect intercept DNS requests from the browser / WinINET to prevent the user from freely browsing?

 

Any assistance would be greatly appreciated so I can understand how these features can protect our clients and understand any potential incompatibilities with other client software.

 

Thanks

 
