This may be more of a Cisco Anyconnect question than a Meraki question, but I have not yet been able to find an answer to this behaviour, and since it was on a Meraki MX I first discovered it, I might as well try here.
I am no expert in Cisco Anyconnect Secure Client, so I'm relying on others.
Lately I've been looking into integrating MFA with Okta and Cisco Anyconnect on a Meraki MX, with a customer. Some hours after our troubleshooting session, which went so-so, I noticed a bunch of TLS1.2 Connection Established followed by Connection Closed from my home public IP address, which more or less has continued throughout the weekend.
These two messages have continued many times during the weekend.
I have two Macbooks - a personal and a work machine, both of which I used to test. Both machines have Secure Client installed, but neither of them was attempting to establish a connection. I cannot wrap my head around what is happening, but I have a theory that, in the Secure Client window, even though it is not opening a VPN connection, whatever IP/hostname is in the Secure Client Server field, the client will continuously test connectivity to that address? And that this test is a TLS1.2 handshake?
I seem to think that the messages with my public IP address didn't stop until I completely closed the Secure Client application on both macbooks.