Completely Disable Anyconnect on the 2nd NIC?

nwang
Level 1

We have Cisco Anyconnect installed on laptops. However, if VPN is connected, all the network traffic goes via VPN. I want Anyconnect only to use the 1st NIC for VPN, and the 2nd NIC for the local LAN access. I tried to untick "Network Access Manager Filter Driver" in the NIC properties, however it's not working. The routing table still shows the 2nd IP is managed by VPN.

The split tunneling is not enabled and can't be enabled from the client-side (I think this is due to the VPN policy).

How do I resolve it?


To make AnyConnect use only the 1st NIC for VPN and the 2nd NIC for the local LAN access, you need to adjust several settings in the AnyConnect VPN Client profile. Here are the steps:

1. Open the VPN Profile Editor.
2. Go to the Preferences (Part 2) section.
3. Enable Always On.
4. Set the Connect Failure Policy to Closed.
5. Configure Captive Portal Remediation.
6. Select Allow Captive Portal Remediation.

By enabling Always On and setting the Connect Failure Policy to Closed, AnyConnect will auto-establish a VPN connection when the user logs in and will restrict network access if the VPN connection cannot be established. If a captive portal is detected, the user will need to perform remediation to gain network access. Note that Captive Portal Remediation must be explicitly enabled in the AnyConnect VPN Client profile if the Connect Failure Policy is set to Closed.

Ensure that the AnyConnect profiles loaded on the ASA have the correct server list configured, specifying the address of the secure gateway for VPN connections. This can be done using the VPN Profile Editor in the Server List section.

Additionally, you may need to adjust the network settings of the 1st and 2nd NICs on the client's computer to ensure correct routing of traffic. This might involve modifying the routing table or setting the IP addresses and subnet masks of the NICs.

Keep in mind that these steps can help define which network interface the AnyConnect client uses, but they don't necessarily prevent the client's OS from deciding to route certain requests over the second NIC. That depends on the OS's own routing rules, which are outside the control of the AnyConnect client.

This information was obtained from the [Cisco AnyConnect Secure Mobility Client Administrator Guide](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure-vpn.html).

If the issue persists, consider consulting with a network professional or Cisco Support for more specific guidance.

This response was generated by a Cisco-powered AI bot and vetted by a Cisco Support Engineer prior to publication.
This is part of a monitored experiment to see if the bot can help answer questions alongside community members. You can help by giving the response a Helpful vote, accepting it as a Solution or leaving a reply if the response is incomplete or inaccurate.
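For readers who would rather see what the six Profile Editor steps produce, here is a constructed AnyConnect client profile fragment (added here; not from the original post, the bot, or Cisco's documentation). It assumes the element names and nesting that the VPN Profile Editor writes out for Always On, Connect Failure Policy, Captive Portal Remediation and the Server List; the host name and gateway address are placeholders, and the profile is still distributed from the ASA rather than edited on the laptop.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Constructed example profile. HostName/HostAddress are placeholders. -->
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <!-- Steps 3-6 from the reply above: Always On, Connect Failure Policy
         set to Closed, and Captive Portal Remediation explicitly allowed
         (required when the policy is Closed, per the admin guide). -->
    <AutomaticVPNPolicy>false
      <AlwaysOn UserControllable="false">true
        <ConnectFailurePolicy>Closed
          <AllowCaptivePortalRemediation UserControllable="false">true
            <!-- Minutes the user gets to clear a captive portal before
                 the Closed policy cuts network access again. -->
            <CaptivePortalRemediationTimeout>5</CaptivePortalRemediationTimeout>
          </AllowCaptivePortalRemediation>
          <ApplyLastVPNLocalResourceRules>false</ApplyLastVPNLocalResourceRules>
        </ConnectFailurePolicy>
        <!-- With Always On, users normally may not disconnect manually. -->
        <AllowVPNDisconnect UserControllable="false">false</AllowVPNDisconnect>
      </AlwaysOn>
    </AutomaticVPNPolicy>
  </ClientInitialization>
  <!-- Server List section: the secure gateway the client must connect to. -->
  <ServerList>
    <HostEntry>
      <HostName>Corporate VPN (placeholder)</HostName>
      <HostAddress>vpn.example.com</HostAddress>
    </HostEntry>
  </ServerList>
</AnyConnectProfile>
```

Whether traffic for the second NIC's LAN is excluded from the tunnel is still decided by the split-tunnel settings in the head-end group policy, not by anything in this client profile, which matches the caveat in the reply above.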