Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Temporarily disabling Always-on?

Does anyone use Trusted network detection and Always-on with a failed close policy?  If so, how has the experience been?  Do you do anything to exempt some users either permanently or temporarily and if so, are you just using DAP/group policy to disable Always-on?  Do you do anything offline that wouldn't require a connection in order to disable it? 

We are starting to look at always-on but the concern is that we have some use cases where we don't want to force people to a VPN however some of these use cases does not warrant a full disabling of Always-on permanently or even every day.  Also, the DAP/GroupPolicy way of disabling it, from what I've tested, would require the person to first make a connection, match a DAP/groupPolicy to get it disabled, then disconnect.  Thats fine in some use cases but we wouldn't want some people to be disabled every time they log in.  The other use case is what if anyconnect is broken or there's some kind of issue where they cannot make a VPN connection first?

New Member

Bump!Did you roll out always


Did you roll out always-on? And did you find a good way to permanently exempt users from Always-on?