
Cisco AnyConnect - Management Tunnel with no User Tunnel

Tony Greensmith
Level 1

Hello.

This is a fairly straightforward question.  Is it possible to have a management tunnel profile without a user tunnel profile?  Or is it possible to have a management tunnel profile with a user tunnel profile but where the user tunnel profile is never auto initiated?

We are currently testing some configuration and have both a management and user tunnel profile set up.  The management tunnel establishes prior to Windows logon as expected; however, once the user has logged in, AnyConnect seems to want to auto initiate the user tunnel.  We do not want this behaviour.  We want the user to be able to choose when to establish the user tunnel, and shut it down when not needed (falling back to the management tunnel).

I cannot see anything detailing whether this is possible or not.  Any help appreciated.

3 Replies

rschlayer
Level 4

Hi @Tony Greensmith 

Normally the "auto connect" behaviour is configured in the AnyConnect Profile; check the trusted network connection settings in there.

"Trusted Network Detection (TND) gives you the ability to have AnyConnect automatically disconnect a VPN connection when the user is inside the corporate network (the trusted network) and start the VPN connection when the user is outside the corporate network (the untrusted network)."

See here https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html#id_100236

BR
Rick

Hi Rick,

Thanks for the response.  So auto connect is not enabled in the user profile, and the management profile cannot have auto connect.  These are the TND settings in both the management and user profiles.  I believe that the management ones often override the user ones anyway.  They are pretty simple.

Any further thoughts appreciated.

Abhijith M S
Cisco Employee

Identical TND settings are recommended on both profiles. Please refer to CSCvu08033.
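
The recommendation above (identical TND settings on both profiles) can be checked by comparing the two profile XML files. The following is an added example, not part of the original thread or Cisco's tooling; it assumes the `AutomaticVPNPolicy` element layout of the AnyConnect profile XML, and the function names and sample profile values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# TND-related children of <AutomaticVPNPolicy> in an AnyConnect profile.
LIST_FIELDS = ("TrustedDNSDomains", "TrustedDNSServers")
TND_FIELDS = LIST_FIELDS + ("TrustedNetworkPolicy", "UntrustedNetworkPolicy")

def local(tag):
    """Strip the XML namespace so lookups work with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def tnd_settings(profile_xml):
    """Return one profile's TND settings as a dict (absent fields are None)."""
    settings = dict.fromkeys(("AutomaticVPNPolicy",) + TND_FIELDS)
    for elem in ET.fromstring(profile_xml).iter():
        if local(elem.tag) != "AutomaticVPNPolicy":
            continue
        # The element's own text is the true/false switch for TND.
        settings["AutomaticVPNPolicy"] = (elem.text or "").strip().lower() or None
        for child in elem:
            name, value = local(child.tag), (child.text or "").strip()
            if name in LIST_FIELDS:
                # Comma-separated lists: ignore order, spacing and case.
                items = {v.strip().lower() for v in value.split(",") if v.strip()}
                value = ",".join(sorted(items))
            if name in TND_FIELDS:
                settings[name] = value or None
    return settings

def tnd_mismatches(mgmt_xml, user_xml):
    """Map each differing TND field to its (management, user) values."""
    m, u = tnd_settings(mgmt_xml), tnd_settings(user_xml)
    return {k: (m[k], u[k]) for k in m if m[k] != u[k]}

def _profile(untrusted, servers):
    """Build a constructed sample profile (values are not from the thread)."""
    return f"""<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutomaticVPNPolicy>true
      <TrustedDNSDomains>corp.example.com</TrustedDNSDomains>
      <TrustedDNSServers>{servers}</TrustedDNSServers>
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>{untrusted}</UntrustedNetworkPolicy>
    </AutomaticVPNPolicy>
  </ClientInitialization>
</AnyConnectProfile>"""

MGMT = _profile("Connect", "10.0.0.53, 10.0.0.54")
USER = _profile("DoNothing", "10.0.0.54,10.0.0.53")
print(tnd_mismatches(MGMT, USER))
```

An empty result means the two profiles agree on every TND field; any entry names the field to reconcile before deploying the profiles.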