Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
401
Views
0
Helpful
2
Replies

AnyConnect

Lance Wendel
Level 1
Level 1

‎08-08-2014 02:32 AM - edited ‎02-21-2020 07:46 PM

Hi all,

could someone advice/share knowledge on the below please?

 

once the device sleep/hibernate/dock/undock status changes, network status in AnyConnect is not good (not trusted in trusted network). Customer OS client is Windows 7 pro 64bits. This problem blocks user. To unblock it, the user must unplug/plug the RJ45 cable to solve it for example. Is it a problem with Windows 7 or with the version of AnyConnect (3.1.02040) or are there specific settings?
- To block network access, it's needed to have an unsuccessful VPN connection. Is there a remediation to block network access in non-trusted networks (after captive portal remediation) without unsuccessful VPN connection (to block our laptops) without a prompt or interactive popup or window for user?

 

thanks in advance

Lance

Labels:
0 Helpful
2 Replies 2

nkarthikeyan
Level 7
Level 7

‎08-08-2014 02:50 AM

Hi Lance,

 

If the VPN connection is being idle for certain time..... then definitely vpn connection will be getting disconnected and you have to reconnect, when this happens.... this is purely for security reasons.....

 

If you want to have strong secured VPN, then go with the strong authentication methods like radius / rsa token ... etc to protect from the un-authorized access.... also make the anyconnect vpn with tunnel all mode instead of split tunnel.... so all access should go via your network once they connect with anyconnect.... and another method is to set a virtual machine or system, from where your connects to VPN and can access only that server... from that server they can access all required applications... you can deny the copy/paste right from that virtual server.....

 

Regards

Karthik

0 Helpful

Lance Wendel
Level 1
Level 1
In response to nkarthikeyan

‎08-08-2014 04:42 AM

Hi Karthik,

thank you for the quick response.

I understand the AC will get disconnect after idle time expires, but, once wake up the connection should not be recognise as untrusted. so in other words this would be purely down to windows placing the connection as untrusted.

regards

Lance

0 Helpful
Customers Also Viewed These Support Documents