Allow captive portal remediation
Many facilities that offer Wi-Fi and wired access, such as airports, coffee shops, and hotels, require the user to pay before obtaining access, agree to abide by an acceptable use policy, or both. These facilities use a technique called captive portal to prevent applications from connecting until the user opens a browser and accepts the conditions for access.
If always-on VPN is enabled, the connect failure policy is closed, captive portal remediation is disabled, and Anyconnect detects the presence of a captive portal, the AnyConnect GUI displays the following message once per connection and once per reconnect:
“The service provider in your current location is restricting access to the Internet.”
“The Anyconnect protection settings must be lowered for you to log on with the service provider. Your current enterprise security policy does not allow this.”
Captive portal detection is enabled by default, and is non-configurable
Captive portal remediation is the process of satisfying the requirements of a captive portal hotspot to obtain network access. By default, the connect failure policy prevents captive portal remediation because it restricts network access. You can configure AnyConnect to lift restricted access to let the user satisfy the captive portal requirements. You can also specify the duration for which the client lifts restricted access
If the connect failure policy is open, users can remediate captive portal requirements. The captive portal remediation feature applies only if the connect failure policy is closed and a captive portal is present.
KB Article
