Anyconnect "Alway On" fail "Open" when disconnect

SOLVED
TS42
Conversationalist

Anyconnect "Alway On" fail "Open" when disconnect

I've configured the anyconnect "Always On" feature in the profile editor.

I've allowed disconnect.

I've allowed the fail to to "open".

But as soon as I click the disconnect button i lose all network activity.

 

I thought fail "open" would allow normal network connectivity.

--------------------------------------------------------------------------------------------------

<AlwaysOn>true
<ConnectFailurePolicy>Open
<AllowCaptivePortalRemediation>false
<CaptivePortalRemediationTimeout>5</CaptivePortalRemediationTimeout>
</AllowCaptivePortalRemediation>
<ApplyLastVPNLocalResourceRules>false</ApplyLastVPNLocalResourceRules>
</ConnectFailurePolicy>
<AllowVPNDisconnect>true</AllowVPNDisconnect>
</AlwaysOn>

--------------------------------------------------------------------------------------------------

1 ACCEPTED SOLUTION
TS42
Conversationalist

I opened a TAC case.

Unfortunately, changing the connect failure option does not change this behavior "an open connect failure policy does not apply if you enable the Disconnect button and the user clicks Disconnect," rather it only applies if the application itself fails to connect to the VPN.

View solution in original post

2 REPLIES 2
PhilipDAth
Kind of a big deal

I don't know the answer.

 

I'm trying to remember from the last time I did one, and I think that is the expected behaviour.

TS42
Conversationalist

I opened a TAC case.

Unfortunately, changing the connect failure option does not change this behavior "an open connect failure policy does not apply if you enable the Disconnect button and the user clicks Disconnect," rather it only applies if the application itself fails to connect to the VPN.

View solution in original post

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels