Anyconnect and Trusted Network Detection

Hi,

We are trying to ensure that our remote access laptops cannot connect to network resources if they are on an Untrusted Network. They should only be allowed to connect to the ASA VPN.

We have all the authentication and group policies working, and can see that the policies are being sent by the ASA.

We have the following selected in the policy:

Automatic VPN Policy - Selected

     Trusted Network Policy: Disconnect

     Untrusted Network Policy: Connect

     Trusted DNS Domains: aaaaa.local,bbbbb.local

     Trusted DNS Servers: <dns1>,<dns2>,<dns3>,<dns4>,<dns5>

Always On - Selected

     Allow VPN Disconnect: Selected

     Connect Failure Policy: Closed

          Allow Captive Portal Remediation: Unselected

          Apply Last VPN Local Resource Rules: Unselected

I do have a server in the server list.

At the moment, when I connect to the Internet (Untrusted), the policy appears to work fine, in that it won't allow me to connect to any local resource, i.e. web URL, or ping the gateway. The only thing I can do is connect to the VPN.

However, when I connect it to our LAN (Trusted), the policy doesn't appear to detect that it is on a trusted network and won't allow me to connect to local resources.

The message history:

VPN Connecting

Contacting XXXXXX

Ready to connect.

Processing CRLS..

Connection attempt has failed

Unable to contact <fqdn>

Connection attempt has timed out. Please verify Internet connectivity

It may be necessary to connect via a proxy, which is not supported with Always On.

I assume the AnyConnect client should display a message if it has detected that it is on a Trusted network?

Any assistance?

Regards

Miron

2 REPLIES

Anyconnect and Trusted Network Detection

Hello,

I have the same problem. AnyConnect 3.1.06xxx.

My policy looks like:

Automatic VPN Policy - Selected

     Trusted Network Policy: Disconnect

     Untrusted Network Policy: Connect

     Trusted DNS Domains: *.domain.local

     Trusted DNS Servers: ,

Always On - Selected

     Allow VPN Disconnect: Selected

     Connect Failure Policy: Closed

          Allow Captive Portal Remediation: Selected

          Apply Last VPN Local Resource Rules: Unselected

If I am connected to the Trusted Network, I cannot reach any resource on my network. Is there a bug? In an Untrusted Network everything looks fine.

Best regards

Michael


Anyconnect and Trusted Network Detection

Hello,

The problem has been solved. The Trusted DNS Domains entry was wrong. The right syntax for the domain list was:

     Trusted DNS Domains: *domain.local, domain*

Best regards

Michael
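The following is an added example, not part of the thread and not Cisco code: a pre-deployment check that lists which Trusted DNS Domains patterns accept each DNS suffix a client actually receives. It assumes `*` behaves like a shell-style glob over the whole suffix, which the thread does not confirm; the function names and the observed suffixes are constructed for illustration.

```python
from fnmatch import fnmatchcase


def parse_list(value):
    """Split a comma-separated profile field, dropping empty entries.

    A field such as "," (as shown for Trusted DNS Servers in one post)
    yields an empty list, i.e. nothing is actually configured.
    """
    return [item.strip().lower() for item in value.split(",") if item.strip()]


def matching_patterns(trusted_dns_domains, dns_suffix):
    """Return the configured patterns that accept the given DNS suffix.

    Assumption: '*' is a glob wildcard matched against the full suffix.
    """
    suffix = dns_suffix.strip().lower().rstrip(".")
    return [p for p in parse_list(trusted_dns_domains) if fnmatchcase(suffix, p)]


def audit(trusted_dns_domains, observed_suffixes):
    """Map each observed suffix to the patterns that would accept it."""
    return {s: matching_patterns(trusted_dns_domains, s) for s in observed_suffixes}


# Constructed sample: suffixes handed to clients on different networks.
OBSERVED = ["domain.local", "hq.domain.local", "domain.example"]

# Values taken from the thread: the failing entry and the working one.
BEFORE = "*.domain.local"
AFTER = "*domain.local, domain*"

if __name__ == "__main__":
    for label, value in (("before", BEFORE), ("after", AFTER)):
        print(f"Trusted DNS Domains ({label}): {value}")
        for suffix, hits in audit(value, OBSERVED).items():
            verdict = ", ".join(hits) if hits else "no match"
            print(f"  {suffix:<18} -> {verdict}")
```

Under this glob assumption, `*.domain.local` requires a leading label and so does not accept the bare suffix `domain.local`, while `domain*` also accepts the unrelated `domain.example`, which is worth reviewing before rollout.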
