"Disconnect when You Log Off" - no option in AnyConnect?

Unanswered Question
Oct 8th, 2009

I like AnyConnect and I'm on the verge of purchasing some ASA's.

My last issue is I need the ability to have the VPN Session to survive a logoff in certain rare situations. (ie, the user cant remember their cached credentials, etc)

The frustrating part of this is it looks as if the option exists as part of the IPSEC Client. Does anyone know if this can work on the AnyConnect client? Why wouldnt they add this feature ? Please help as I am using a demo and dont think I can get official support through TAC.

I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Richard Burts Thu, 10/08/2009 - 11:51


I do not understand well what you are asking for. What does it really mean for "the VPN Session to survive a logoff in certain rare situations"?

And I am not clear what part of the IPSec client you are talking about that does this. Are you perhaps talking about the Start Before Logon capability (in which the PC will initiate the VPN connection before the PC gets to the Windows login)? If that is your question then the answer is Yes the Start Before Logon is supported in the AnyConnect client. I am installing some ASAs for a customer and we have the Start Before Logon working pretty well for the AnyConnect client.

If Start Before Logon is not what you are looking for, then can you clarify what it is that you are looking for?



jickfoo Thu, 10/08/2009 - 11:59

"Disconnect when You Log Off" is an option that you can enable/disable on the Cisco IPSEC client.

I basically want AnyConnect to run as a service. This way when users login to their laptops, if they do a LogOff (not a shutdown) the VPN session is still alive in the background.

This way if users forget their passwords, I can reset their passwords, have them log into a local profile, Connect to AnyConnect, Logoff, and Log back into their profile with the new password.

I dont want to use the GINA or the SBL unless it will run as an application.

Looks like this functionality exists in the IPSec client which is frustrating.



Richard Burts Thu, 10/08/2009 - 12:28


I had not been familiar with this option in the IPSec client. But I do see it now. I am now aware of seeing anything like this in the AnyConnect client.



jickfoo Fri, 10/09/2009 - 04:49

Just some more info:

AnyConnect does run as a service. When I log out of my pc, the ASA generates this log:

User IP SVC Message: 16/NOTICE: The user is logging off the system..

User IP SVC closing connection: User Requested.

any way to block this from happening ?

Christopher Ursich Mon, 07/12/2010 - 18:21

This is an option in the client-side profile.  In ASDM on ASA 8.2, look under AnyConnect Client Settings.

guillermoochoa Wed, 07/25/2012 - 15:26

I have some issues after i Log Off of my windows machine. What is happening is that after i log off, and log on, the any connect, wich has a configuration of always on, activates the "disconnect" buttom and as i said its configured as always on, the "disconnect buttom" should be deactivated.



This Discussion