Meraki

Tintin

This problem happens on MacOS using version 5.1.7.80 of the Cisco Secure Client – not sure how it behaves on Windows or Linux.

If one stops sharing the internet connection from the phone to the computer which is connected to VPN using Cisco Secure Client before disconnecting the VPN connection on the computer first there will be some annoying behavior.

Cisco Secure Client tries to reconnect, but of course it can't since there is no connection to the internet.

At this stage eventually the ”Cisco Secure Client - Web Browser” brings up a window showing info about the Meraki security appliance:

Screenshot 2025-03-20 at 09.10.25.png

Now, if one tries to close that window it will come up again.

If once tries to disconnect the connection to the VPN in Cisco Secure Client via the app or the icon in the menu bar it disconnects, but after one gets connected back to the Wi-Fi network no sites can be browsed – in Chrome a ”ERR_INVALID_HANDLE” message comes up. One way to resolve it is to go to the System Settings and the network preferences for the network interface in use and ”Renew DHCP Lease” in the TCP/IP section.

I think the internet connection being cut off while being connected to the VPN should be handled better by the Cisco Secure Client. While people mostly disconnect the VPN connection before stopping the shared connection from the mobile phone it can happen that the connection gets cut off and then there is too much hassle to get back to being connected to the Internet via Wi-Fi.

PhilipDAth

This is one of the millions of settings your administrator can configure. They might have even marked it "User controllable", so you can configure the action in Cisco Secure Client yourself.

View solution in original post

PhilipDAth

This is one of the millions of settings your administrator can configure. They might have even marked it "User controllable", so you can configure the action in Cisco Secure Client yourself.

Tintin

Thanks for the reply!

I am in fact an admin! 🙂
But I don't know where i can find this option you show. It looks like the newer interface design in Meraki and I don't have that there in Security and SD-WAN -> Client VPN -> AnyConnect Settings. Or is it to be found somewhere else?

The appliance in this case is an MX100, so a bit old old.

PhilipDAth

I use the Secure Client Management portal for Asia Pacific located here:

https://secure-client.apjc.security.cisco.com/

But if you want to keep it all in the Merai portal, download the Secure Client Profile Editor:

Create your own profile, and upload it into the Meraki Dashboard.

https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Client_deployment#AnyC...

Tintin

Thanks!

I changed the AnyConnectProfile.xml directly – so it's like this:

<AutoReconnect UserControllable="false">false
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>

Works!
Better to have it like this I think, since it avoids the network issues we bumped into when Cisco Secure Client tried to auto-reconnect when the Internet connection was cut off.

Tintin

OK, that formatting above seems incorrect with no closing bracket there for ”AutoReconnect” – don't know why it has come out like that when we created the XML using the Secure Client Profile Editor on Windows (which my colleague initially did).

I think this is the correct formatting:

<AutoReconnect UserControllable="false">false</AutoReconnect>
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>

Right?

PhilipDAth

This looks correct to me.

Meraki

Community

Cisco Secure Client and shared Internet connection (mobile phone) and behavior if that is cut off

Cisco Secure Client and shared Internet connection (mobile phone) and behavior if that is cut off