Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1383
Views
5
Helpful
4
Replies

We need to run two Anyconnect VPNs one inside the other

A00460610
Level 1
Level 1

‎10-11-2019 09:38 AM - edited ‎02-21-2020 09:46 PM

My organization uses AnyConnect as the only option to work remotly. We have a Cisco ASA inside the corporate network that gives access to another very protected subnetwork. When we are on the corporate network, we have no issue as we can launch a sigle Anyconnect client to connect to the subnetwork.

But when we work remotly the only work around that we have found is to connect our PC to the corporate VPN, launch a virtual windows 10 machine, and then launch a second anyconnect client to connect to our subnetwork. Any alternative suggestions?

This works, but it demands a lot of resources from our PCs + hyper-v issues. We have no control or access to eh corporate VPN infrastructure.

We've thought if we could use either another VPN client to connect to our subnetwork, or connect in some other way to our subnet. For security reasons VPN was selected as the way to connect (to our subnetwork) because each user receives a unique IP that can be traced, logged and monitored. 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎10-12-2019 04:54 AM

You cannot do nested Anyconnect connections.

You could have a second profile on the primary VPN connection that only allows access to the protected environment and has the necessary restrictions built into it the same as the internal one. So when users authorized to access the restricted environment need to connect remotely they use that profile exclusively.

A00460610
Level 1
Level 1
In response to Marvin Rhoads

‎10-14-2019 08:51 AM

Thank you for your answer, as I said we have no control over the corporate VPN (we are talking about a very large cooporation), so altering the first VPN or adding a new profile is not an option. I'm working on another solution with an alternate VPN client, I have posted the details here.

0 Helpful

A00460610
Level 1
Level 1
In response to Marvin Rhoads

‎10-14-2019 08:52 AM - edited ‎10-14-2019 08:53 AM

 
0 Helpful

A00460610
Level 1
Level 1

‎10-14-2019 08:49 AM - edited ‎10-14-2019 08:54 AM

Partially answering my own question. I installed Shrew VPN. I established the first VPN (corporate VPN) with Anyconnect and then used Shrew VPN to launch the second VPN, it worked!....but, the second VPN is not setting up the routes for interesting traffic. So it is connecting with the right IP address and all, but it is not capturing traffic that is supposed to go through that VPN...I'm trying to figure out why this is happening, or if I can set up the routes manually.

0 Helpful
Customers Also Viewed These Support Documents