I have Anyconnect premium clients connecting to my ASA 8.2(1) with Start Before Login which is working fine.
The new trusted Network Detection feature in 2.4 is something we would like to deploy. In testing, when we move a host pc from untrusted to trusted networks, we are finding that the TND does work but that it does not prevent the SBL gui from opening (which it is supposed to do). At this point, the host pc pauses for some time then returns an error saying 'VPN agent is not responding'. The host pc then crashes and has to be rebooted and logged in on the untrusted network before TND can be removed to allow any operation at all on the trusted network.
So it seems as if the anyconnect client is recognising that it is now on a trusted network and closing down the VPN agent service but it is not preventing SBL from operating, which is crashing because it cant contact the VPN agent service.
Has anyone else seen this behaviour before and can suggest a workaround or fix ? or have I found a bug ?
I have looked in the release notes and on TAC but with no luck.