Cisco AnyConnect

kcolgan · ‎03-30-2017

I am looking at implementing Cisco AnyConnect for our mobile users. One question that I have is will AnyConnect be active when the user is on the office and connected to the LAN? Or will AnyConnect always be on and force users to go out of the network then back in (thus creating extra hops).

Is there something where AnyConnect will detect to know that the device is on a company LAN.

Thank You!

Rahul Govindan · ‎03-30-2017

You can use the Anyconnect Trusted Network Detection feature to automatically disconnect when on an internal trusted network. The trusted network is detected based on dns and domain name.

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect44/administration/guide/b_AnyConnect_Administrator_Guide_4-4/configure-vpn.html#ID-1428-00000152

Richard Burts · ‎04-06-2017

Trusted Network Detection is a nice feature and certainly addresses the question in the original post. But it is not the only answer for that question about the behavior of AnyConnect. It is not necessary to configure AnyConnect to be always on. Most of the customers that I have worked with to implement AnyConnect do not configure it for always on. And in that case when a user is on the office LAN they do not start AnyConnect and that solves the issue.

HTH

Rick

HTH

Rick