AnyConnect Block Internal VPN

Solved
gs419
Conversationalist


Does anyone have a solution with AnyConnect that won't allow users to VPN when they are already inside the network? This already happens at the main site but remote sites can VPN in over the Site to Site VPN.

 

Background Information 

3 separate Offices (A+B+C)

Site to Site VPN between all offices (A+B+C)

All users connect to office A through AnyConnect

 

Issue

Users from Office B connect at home and then bring the computer into Office B.

AnyConnect reconnects to Office A, circumventing the site-to-site VPN. (Want to avoid.)

 

 

CptnCrnch
Kind of a big deal

Would it be possible within your setup to simply block connections to your RAVPN headend in Office A by using the firewall policy in Office B and C?
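A check for the firewall-policy approach suggested above, as an added example that is not part of the original thread or any vendor's code: it evaluates a branch office's outbound rules first-match and lists the AnyConnect transports (TLS over TCP, DTLS over UDP) that could still reach the headend. The rule field names are modelled on Meraki MX L3 rule objects, and the addresses, subnets and port 443 are assumed placeholders.

```python
import ipaddress

# Constructed sample data. Field names are modelled on Meraki MX L3 outbound
# rule objects (assumption); 203.0.113.10 is a placeholder headend address.
HEADEND_IP = "203.0.113.10"
DEFAULT_ALLOW = {"policy": "allow", "protocol": "any", "srcCidr": "Any",
                 "destCidr": "Any", "destPort": "Any"}
BLOCK_HEADEND = {"policy": "deny", "protocol": "any", "srcCidr": "10.2.0.0/16",
                 "destCidr": HEADEND_IP + "/32", "destPort": "443"}
OFFICE_B_RULES = [BLOCK_HEADEND, DEFAULT_ALLOW]   # deny is evaluated first
SHADOWED_RULES = [DEFAULT_ALLOW, BLOCK_HEADEND]   # deny is never reached


def _cidr_match(spec, ip):
    """True if ip is inside any CIDR of a comma-separated spec ('Any' matches all)."""
    if spec.strip().lower() == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c.strip(), strict=False)
               for c in spec.split(","))


def _port_match(spec, port):
    """True if port is covered by 'Any', '443' or a list like '80,8000-8100'."""
    if spec.strip().lower() == "any":
        return True
    bounds = (p.strip().partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)


def verdict(rules, src_ip, dst_ip, protocol, port):
    """Policy of the first rule matching the flow (implicit allow if none match)."""
    for r in rules:
        if (r["protocol"].lower() in ("any", protocol)
                and _cidr_match(r["srcCidr"], src_ip)
                and _cidr_match(r["destCidr"], dst_ip)
                and _port_match(r["destPort"], port)):
            return r["policy"]
    return "allow"


def unblocked_vpn_paths(rules, client_ip, headend_ip, port=443):
    """AnyConnect transports that this rule set would still let out to the headend."""
    return [proto for proto in ("tcp", "udp")
            if verdict(rules, client_ip, headend_ip, proto, port) != "deny"]
```

An empty list means the branch client cannot reach the headend; `SHADOWED_RULES` shows the ordering mistake where a deny placed below a broad allow has no effect.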

gs419
Conversationalist

That did it!

 

I should have thought of that! Thank you!

MicahBackwater
Conversationalist

Similar issue, different setup. We have an MX in our data center handling the VPN connections. We're using Forcepoint firewalls at all sites. When I am at the office and moving off-network to on, the AnyConnect client does not disconnect from the VPN, and we can still see traffic flowing over the connection. We are also able to connect to the VPN while on the corp network. Is there possibly some hook for the Forcepoint firewall we're missing that keeps the AnyConnect client from recognizing the trusted network?
