Solved: Re: Connecting from VPN to Wireless to LAN

Anthony O'Reilly · ‎10-27-2021

Hi,

Our laptops have three ways of connecting to the network

VPN
Wireless
LAN

VPN is used on site via a 5G adapter when there are no access points or LAN port. We have noticed that when a user is hopping from the LAN to Wireless (and vice-versa) and from VPN to LAN (and vice-versa), the VPN doesn't drop, it stays connected.

VPN over 5G is routing over an ASA FW and then onto ISE where as the Wireless and LAN connectivity is straight through to ISE.

Is there a way of giving the LAN adapter a priority, so that when it is in use (after going from VPN or Wireless), the VPN will disconnect? Is this a configuration on the ASA or on AnyConnect or somewhere else?

Thanks,

Rob Ingram · ‎10-27-2021

Hi @Anthony O'Reilly you should use AnyConnect Trusted Network Detection (TND), which will disconnect the VPN when on the corporate network.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/configure_vpn.html#id_100236

https://community.cisco.com/t5/security-documents/anyconnect-trusted-network-detection-tnd-and-always-on/ta-p/3125277

View solution in original post

Rob Ingram · ‎10-27-2021

Hi @Anthony O'Reilly you should use AnyConnect Trusted Network Detection (TND), which will disconnect the VPN when on the corporate network.

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/configure_vpn.html#id_100236

https://community.cisco.com/t5/security-documents/anyconnect-trusted-network-detection-tnd-and-always-on/ta-p/3125277