Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
686
Views
5
Helpful
2
Replies

Roaming Security Module not protected when AnyConnect VPN not connected

N3t W0rK3r
Level 3
Level 3

‎06-03-2019 05:46 PM

Our corporate laptops run AnyConnect 4.7 with the VPN and Umbrella Roaming Security modules (not the standalone URC).  We enforce an always vpn policy, but before the user connects to the VPN, I have noticed (with a Wireshark capture) that the Umbrella module of AC is reporting that it is not protected, and instead, the laptop sends out DNS queries (for corporate LAN resources) out to whatever DNS is configured on the local LAN instead of sending this to the Umbrella cloud. When the VPN is established, the URS module communicates fine with the corporate UVA's as expected.

Why does this behavior occur? Is this a bug, or a configuration oversight on my part?

Prior to deploying AC to the laptops, they had the standalone URC installed, and this worked just fine when working off the corporate LAN.  Does the URS module of AnyConnect not work the same way?

 

Thanks in advance.

 

Labels:
0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-03-2019 09:13 PM

The AnyConnect Umbrella Roaming Client should work with or without the VPN beng connected. I've not used it in conjunction with Always-On VPN feature; but I've used it otherwise since it was first released and it always has behaved properly in my experience.

N3t W0rK3r
Level 3
Level 3
In response to Marvin Rhoads

‎06-04-2019 03:56 AM

Thanks Marvin.

I think I may try to uninstall AC altogether and then reinstall the standalone URC and then install AC without the URS module and see how that combination behaves.

If it behaves differently (positively), then I'll probably open a case with TAC for further investigation.

Thanks again.


John

 

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents