Yosemite, iPhone Hotspot and Cisco AnyConnect

gavinharper13
Level 1

We seem to have an issue with Cisco AnyConnect, Yosemite and iPhone hotspots, but only when you add them all together. Using the iPhone as a hotspot works fine. As soon as you connect the VPN using the Cisco AnyConnect Mobility Client, all network traffic stops: you can't ping anything, local or on the web.

Now, if we connect to an Android phone as a hotspot, or a different wireless network, and use Cisco AnyConnect, it works fine, no issues.

This has only started to happen since we updated to Yosemite. When we use the iPhone as a hotspot and have the VPN connected, /etc/resolv.conf can't be found. Disconnect the VPN, or use an Android phone or any other network connection, and it can be found!

The iPhone is up to date, Yosemite is up to date and so is the Cisco client.

Any ideas?

15 Replies

 

I've been having this problem too. I'm not sure this would work for every circumstance, but I found a solution for my particular case.

Mac OS X Sierra using an iPhone 6s for tethering. AnyConnect 4.3.02, ASA 5506-X 9.6(3)

This article is very helpful in explaining some of the complexity:

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116016-technote-AnyConnect-00.html

I only wanted DNS to be public, but apparently there is a bug (described above) that doesn't allow that. So you have to send a public DNS server to your client. If you don't do this you will find your /etc/resolv.conf empty when the VPN is connected. If you do set a public DNS server like 8.8.8.8 it will automatically include the secure route to your client so you can tunnel it. There is an option to split tunnel and not send traffic for 8.8.8.8 through the tunnel, but that apparently doesn't work on these versions of Apple/Cisco code. So I allowed the DNS traffic through the tunnel, but in my case it was initially being dropped due to misconfigured NAT rules. Once that was fixed I am able to resolve DNS names using a public DNS server through the tunnel. If you had DNS at your site you could put your private DNS server in place of 8.8.8.8 and enable recursion, I suppose. Hope this helps someone.
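
The behaviour the reply above leans on, as an added example (not code from the thread, Cisco, or Apple): with split-include tunnelling, each DNS server the ASA pushes gets a /32 secure route into the tunnel even when it is a public address, so its queries are tunnelled; any other nameserver in /etc/resolv.conf is tunnelled only if it sits inside a split-include network; and an empty resolv.conf is the failure the original post reports. The script below models those rules so you can see, from a copy of resolv.conf and the group-policy values, where each resolver's traffic will go. The split-include ACL, the pushed DNS server and the three resolv.conf samples are all constructed for the example; nothing here queries the real client or ASA.

```python
"""Model where a macOS AnyConnect client sends DNS under split-include
tunnelling.  Added example; the split-include networks, pushed DNS server
and resolv.conf samples are constructed, not taken from any real device."""
import ipaddress


def parse_resolv_conf(text):
    """Return the nameserver addresses from resolv.conf text, in file order."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers


def secure_routes(split_include_cidrs, pushed_dns_servers):
    """Routes the client installs into the tunnel: the split-include networks
    plus a host route for every pushed DNS server not already covered."""
    routes = [ipaddress.ip_network(c, strict=False) for c in split_include_cidrs]
    for server in pushed_dns_servers:
        addr = ipaddress.ip_address(server)
        if not any(addr in net for net in routes):
            routes.append(ipaddress.ip_network(f"{addr}/{addr.max_prefixlen}"))
    return [str(r) for r in routes]


def classify_dns_path(resolv_conf_text, split_include_cidrs, pushed_dns_servers):
    """Return (status, {nameserver: 'tunnel' | 'local'}).

    status is 'no-nameservers' when the file lists none, which is the
    symptom from the original post; otherwise 'ok'.
    """
    servers = parse_resolv_conf(resolv_conf_text)
    if not servers:
        return "no-nameservers", {}
    routes = [ipaddress.ip_network(r) for r in
              secure_routes(split_include_cidrs, pushed_dns_servers)]
    verdict = {}
    for s in servers:
        verdict[str(s)] = "tunnel" if any(s in r for r in routes) else "local"
    return "ok", verdict


# Constructed samples.  RESOLV_OK is what the fix in the reply leaves behind;
# RESOLV_EMPTY reproduces the empty file from the original post;
# RESOLV_HOTSPOT stands in for a tethered client before the VPN comes up.
RESOLV_OK = "#\n# macOS Notice\n#\nnameserver 8.8.8.8\n"
RESOLV_EMPTY = "#\n# macOS Notice\n#\n"
RESOLV_HOTSPOT = "nameserver 172.20.10.1\n"

SPLIT_INCLUDE = ["10.0.0.0/8", "192.168.100.0/24"]   # assumed split-tunnel ACL
PUSHED_DNS = ["8.8.8.8"]                             # assumed group-policy dns-server


def report(resolv_conf_text, label):
    status, verdict = classify_dns_path(resolv_conf_text, SPLIT_INCLUDE, PUSHED_DNS)
    print(f"{label}: {status} {verdict}")
    return status, verdict


if __name__ == "__main__":
    print("tunnel routes:", secure_routes(SPLIT_INCLUDE, PUSHED_DNS))
    report(RESOLV_OK, "after fix")
    report(RESOLV_EMPTY, "original symptom")
    report(RESOLV_HOTSPOT, "hotspot resolver, not pushed")
```

To use it against a real client, paste the contents of /etc/resolv.conf taken while the VPN is up and the split-include networks and dns-server values from the group-policy; a nameserver that lands on "local" while the tunnel is up is one the client will try to reach over the hotspot interface rather than through the ASA.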
