
Trusted Network Detection With AnyConnect 2.5

djiguidjik
Level 1

Hi!

I have set up an AnyConnect VPN connection with AnyConnect version 2.5 and a 5510 ASA running version 8.2.3. Everything works fine, but now I'm trying to implement Trusted Network Detection and it doesn't work at all...

I've done everything explained in the documentation:

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac03features.html#wp1207941

and, when the computer starts, AnyConnect connects (even if it's on the trusted network) and it never disconnects as configured in the TND profile...

Please, can someone help me? I've been on this for days now...

I've enclosed the XML profile that I've created... Am I missing something? It's driving me crazy now!

Thanks for any help

2 Replies

Yudong Wu
Level 7
  <TrustedDNSDomains>cjs.local</TrustedDNSDomains>
  <TrustedDNSServers>192.168.12.17,172.18.114.243</TrustedDNSServers>
  If I remember correctly, TND will try to match both the DNS domain name and the DNS server list.
  Did you include all of your DNS servers in the above list?
  You can capture a DART file to see what happens.

Hi,

Yep, I've put all my DNS servers inside (even in the order in which they appear) and it's also the right DNS suffix. But it's weird because it seems to work on Windows 7... I was trying on Win XP and it didn't work at all, but on 7 I'm not sure...

Another weird thing is that if I disconnect the SSL session, AnyConnect will reestablish the session 10 minutes later (if I'm not on the trusted network, it seems)... Shouldn't this occur only if the "Always On" function was activated?? I'm a little lost :s
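
The comparison suggested in the first reply, as an added example that is not part of the original thread or of Cisco's tooling: it reads the two TND elements quoted above and lists how they differ from one interface's DNS suffix and DNS servers. The `<fragment>` wrapper, the function name `tnd_report` and the sample interface values are assumptions made for illustration; the script reports differences only and does not reproduce the client's own trusted/untrusted decision.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two TND elements quoted in the thread, wrapped in a
# hypothetical <fragment> root so the snippet parses on its own.
PROFILE_FRAGMENT = """
<fragment>
  <TrustedDNSDomains>cjs.local</TrustedDNSDomains>
  <TrustedDNSServers>192.168.12.17,172.18.114.243</TrustedDNSServers>
</fragment>
"""


def _split(text):
    """Split a comma-separated profile value into trimmed, non-empty items."""
    return [item.strip() for item in (text or "").split(",") if item.strip()]


def tnd_report(profile_xml, iface_suffix, iface_dns_servers):
    """Compare the profile's TND values with one interface's DNS settings.

    iface_suffix and iface_dns_servers are what the adapter actually received
    (for example from `ipconfig /all`); they are passed in by the caller.
    """
    root = ET.fromstring(profile_xml)
    domains = {d.lower().rstrip(".")
               for d in _split(root.findtext(".//TrustedDNSDomains"))}
    trusted = {ipaddress.ip_address(s)
               for s in _split(root.findtext(".//TrustedDNSServers"))}
    seen = {ipaddress.ip_address(s) for s in iface_dns_servers}
    return {
        # Exact, case-insensitive suffix comparison (an assumption of this sketch).
        "domain_listed": iface_suffix.lower().rstrip(".") in domains,
        # Servers the adapter uses that the profile does not list.
        "servers_not_in_profile": sorted(str(a) for a in seen - trusted),
        # Servers the profile lists that the adapter does not have.
        "profile_servers_not_on_interface": sorted(str(a) for a in trusted - seen),
    }


if __name__ == "__main__":
    # Constructed interface values: one matching server, one unlisted server.
    print(tnd_report(PROFILE_FRAGMENT, "cjs.local", ["192.168.12.17", "10.0.0.53"]))
```

Any non-empty list or a `False` in the result points at the setting to compare against the DART logs.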