
07-31-2017 09:45 AM
Hi,
We have a Cisco ASA5585 with AnyConnect SSL VPN configured, with Always On and Trusted Network Detection (*UKDOMAIN & defined certificate servers). The VPN client works fine, but when you connect a LAN cable, the VPN client should recognise it's on a trusted network and drop the VPN; however, I can see that the Posture module starts the discovery process, which seems to interfere with Trusted Network Detection. We have 802.1x on the LAN with posture. The issue is that Posture does not work until I manually disconnect the VPN.
Help, am I missing a trick? I can't find any decent documentation which covers a situation where you have:
1. 802.1x on the LAN with posture
2. VPN with Always On and TND working with posture
3. Moving a laptop from LAN to VPN works, but VPN to LAN the TND feature fails
Looking at the DART bundle, it looks like the switch on the LAN with the 802.1x config to support Posture, i.e. "IP HTTP Server", is being seen by the AnyConnect VPN client as being a captive portal.
If I connect the laptop from VPN to a switch with no 802.1x and no Posture configured (no ip http server), then TND works well.
How do I do posture on the LAN with VPN TND feature?
Regards Khalid

08-05-2017 11:51 AM
It seems TND is not properly configured. Please review "Use Trusted Network Detection to Connect and Disconnect".
Moving this to AnyConnect in case you need further help on this.

08-07-2017 11:38 AM
Please send the DART to ac-mobile-feedback@cisco.com, Attn: Paul Carco, and I will take a look.
Paul
AnyConnect TME

09-04-2017 02:19 AM
Thanks, Paul, for the offer. We changed the trusted certificate servers to the ISE nodes and this resolved the issue. Not sure why.

09-05-2017 08:31 AM
Hello - Glad to hear you solved the issue.
Just out of curiosity, the change you made - was it in the profile 'Trusted Servers'?

09-05-2017 09:16 AM
Hi Paul, yes it was the trusted servers.
