Cisco AnyConnect Network Interface not register to Windows 7 NLA (Network Location Awareness)

Unanswered Question

In Windows 7 it is possible to have multiple active windows firewall profiles. For example, a VPN interface can have the domain profile assigned while the physical interface can receive the public profile and be protected.

My problem is that the Cisco AnyConnect VPN client does not work this way, because the network adapater doesn`t register to Windows 7 NLA, it doesn't appear in the Network and Sharing Center in Windows 7 and thus will not get an associated firewall profile (manually or automatically).

In contrast, the Microsoft VPN Client registers as a network interface and get's the appropiate firewall profile.

Is there a workaround to solve this problem?


There is no problem to make a sslvpn connection to the ASA Firewall. I can make connections to internal hosts, servers etc.. Everything seems to be working fine at the first glance.

But there is one big problem:

A remote support session can not be made (over the sslvpn tunnel) to the client machine via on-board/third-party tools because the Windows 7 firewall drops the inbound traffic (For example RDP, VNC, TeamViewer etc.)! This behaviour is not acceptable...

I am deeply grateful for every post!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
robertamg Wed, 02/02/2011 - 06:15
User Badges:

We have the same problem!

No solution yet....

Please help!

conleya Wed, 02/23/2011 - 14:08
User Badges:

Same problem here.  Hopefully Cisco will fix this issue soon, it is holding up our deployment.

Herbert Baerten Wed, 02/23/2011 - 14:38
User Badges:
  • Cisco Employee,

There is an enhancement request for this:

CSCtf56523    Windows Network Location Awareness (NLA)

I suggest you contact your account manager or systems engineer at your local Cisco sales office as they can present your business case to the people who  decide what features get implemented in the next version.




This Discussion