Trusted Network Detection - AnyConnect on FTD version 6.4

We're undertaking a migration from ASAs to FTD 2130 appliances. The current solution uses AnyConnect 4.7 and leverages Trusted Network Detection; the main driver being that users should not have to manually start the AnyConnect client and instead should detect that they're not on a company network and therefore start the VPN.

The notes on AnyConnect 4.7 suggest that TND requires a Dynamic Access Policy, which, from what I understand, is not supported under FTD yet.

Does anyone have any other way of achieving this?

Thanks.

2 REPLIES
Hall of Fame Guru

TND should not require DAP but should instead rely on the setting in the VPN core module profile. I'm looking at this guide for that information:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/200600-Install-and-Configure-Cisco-Network-Visi.html#anc19

The guide is for NVM (not supported for deployment from FTD) but the TND bit is associated with the VPN profile (without any mention of DAP).

I hope to try this in my lab to verify it.


Hi Marvin,

A colleague of mine also suspected this would be the case. We will be testing this for the customer during the course of the coming days so I too will keep you posted. 

 

Thanks, Anish
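
The first reply points at the TND setting in the VPN core module profile. The following is an added example, not part of the original thread or any Cisco tooling: a small Python check that reads the `AutomaticVPNPolicy` block of an AnyConnect profile and reports whether it is set up to connect automatically off the company network. The helper name `audit_tnd` is hypothetical, and the sample profile (with `example.com` and `10.0.0.53`) is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"ac": "http://schemas.xmlsoap.org/encoding/"}  # AnyConnect profile namespace

# Constructed sample profile; example.com and 10.0.0.53 are placeholders.
SAMPLE_PROFILE = """<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">
  <ClientInitialization>
    <AutomaticVPNPolicy>true
      <TrustedDNSDomains>example.com</TrustedDNSDomains>
      <TrustedDNSServers>10.0.0.53</TrustedDNSServers>
      <TrustedNetworkPolicy>Disconnect</TrustedNetworkPolicy>
      <UntrustedNetworkPolicy>Connect</UntrustedNetworkPolicy>
    </AutomaticVPNPolicy>
  </ClientInitialization>
</AnyConnectProfile>"""


def audit_tnd(profile_xml):
    """Return (settings, findings) for the TND block of a VPN profile (hypothetical helper)."""
    root = ET.fromstring(profile_xml)
    policy = root.find("ac:ClientInitialization/ac:AutomaticVPNPolicy", NS)
    if policy is None:
        return {}, ["AutomaticVPNPolicy element missing: TND is not configured"]

    def child(name):
        node = policy.find("ac:" + name, NS)
        return (node.text or "").strip() if node is not None else ""

    def items(name):
        # Trusted domains and servers are comma-separated lists.
        return [v.strip() for v in child(name).split(",") if v.strip()]

    settings = {
        # The element carries "true"/"false" as its own text, ahead of its children.
        "enabled": (policy.text or "").strip().lower() == "true",
        "trusted_domains": items("TrustedDNSDomains"),
        "trusted_servers": items("TrustedDNSServers"),
        "trusted_policy": child("TrustedNetworkPolicy"),
        "untrusted_policy": child("UntrustedNetworkPolicy"),
    }
    findings = []
    if not settings["enabled"]:
        findings.append("AutomaticVPNPolicy is not 'true': TND is off")
    if not (settings["trusted_domains"] or settings["trusted_servers"]):
        findings.append("no trusted DNS domain or server: nothing identifies the company network")
    if settings["untrusted_policy"] != "Connect":
        findings.append("UntrustedNetworkPolicy is not 'Connect': no automatic VPN off-network")
    return settings, findings


if __name__ == "__main__":
    print(audit_tnd(SAMPLE_PROFILE)[1] or "TND block will auto-connect off-network")
```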