3087 Views | 0 Helpful | 4 Replies

Anyconnect with windows firewall

dejuls
Level 1

Hi all,

Just having a battle with Cisco AnyConnect 4.10 and Windows Firewall.

We are playing around with "blocking all outbound connections" in Windows Firewall on public and private networks, and allowing what we want through. So far that is TCP 80, 443, 8443, UDP 53, 443, 500, 4500 and some default rules.

We were using AnyConnect 4.10 with "always on", but we have introduced Umbrella and would like users to be able to access the internet without the need to VPN in.

So far, I am now able to surf the internet with and without VPN, so that's working (TCP 80 and TCP 443). However, I'm having issues with all other ports when connected to the VPN. I would have thought the domain firewall profile would have kicked in, but it seems as though the private/public firewall profile is still playing its role.

I have tried whitelisting VPNAgent.exe as well, but without much joy, so I'm wondering if anyone else has tried this and had any luck?

4 Replies

balaji.bandi
Hall of Fame

This requires more information. Does your end device use any proxy? Is that the reason you are able to get port 80 and 443 access?

When you connect to the VPN, the IP may be different from what your FW policies expect in order to give access to other resources.

You need to compare, or contact the network administrator (if you are not the one), and look at both side by side to see what the difference is here.


BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks, our proxy solution is Umbrella SIG, using the client.

My issue is what rules I need to add to the Windows Firewall public/private profile to allow it to access the VPN network.

If I remove the Windows Firewall rules for public and private networks, then VPN access works and I'm able to access everything that I need to.

Hi,

I am assuming you are applying the rules on the AnyConnect adapter rather than the physical adapter, because the physical adapter will see only the encrypted traffic. Try this and share your updates.

**** please remember to rate useful posts.

Thank you for this, this worked for my device.

I see one device has it named as Ethernet 4, another device has the device named as Ethernet 2, so would it be possible to rename the network adapter for AnyConnect on all devices to the same name?
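The two points raised in this thread, scoping the outbound allow rule to the AnyConnect adapter rather than the physical NIC, and giving that adapter the same name on every device so one rule definition works everywhere, can be done together with the built-in NetAdapter and NetSecurity cmdlets. The script below is an added example and is not code from the thread or from Cisco. It assumes the AnyConnect virtual adapter's InterfaceDescription contains "AnyConnect" (check with `Get-NetAdapter -IncludeHidden` and adjust the pattern if it differs), that the alias "AnyConnect VPN" and the rule name are free to use, and that it is run in an elevated PowerShell session.

```powershell
# Added example, not from the original thread. Assumptions: the AnyConnect adapter's
# InterfaceDescription matches '*AnyConnect*', the alias 'AnyConnect VPN' is unused,
# and the session is elevated (renaming adapters and adding firewall rules need admin).

$NewAlias = 'AnyConnect VPN'                                   # assumed, pick your own
$RuleName = 'Allow outbound on AnyConnect VPN adapter'         # assumed rule name

# 1. Locate the AnyConnect adapter by its description, not its current alias:
#    the alias is what differs per device ("Ethernet 2" on one, "Ethernet 4" on another).
$vpn = Get-NetAdapter -InterfaceDescription '*AnyConnect*' -IncludeHidden -ErrorAction SilentlyContinue |
       Select-Object -First 1
if (-not $vpn) { throw 'No AnyConnect adapter found. Is the client installed?' }

# 2. Give the adapter the same alias on every device so a single rule definition applies.
if ($vpn.Name -ne $NewAlias) {
    Rename-NetAdapter -Name $vpn.Name -NewName $NewAlias
}

# 3. Outbound allow rule bound to that adapter only. The physical NIC keeps the existing
#    narrow allow list (TCP 443, UDP 443/500/4500 for the tunnel itself), while traffic
#    inside the tunnel is allowed on the Private/Public profiles the OP is using.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound `
        -Action Allow `
        -InterfaceAlias $NewAlias `
        -Profile Private,Public `
        -Enabled True | Out-Null
}

# 4. Verify the rule is bound to the alias we expect; an empty InterfaceAlias here
#    would mean the rule applies to every interface, which defeats the scoping.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallInterfaceFilter |
    Select-Object InterfaceAlias
```

Because the rule is keyed on the interface alias, rerun the script (or at least step 1 and 2) after an AnyConnect reinstall or driver update, since a recreated adapter comes back with a fresh default name and the rule would silently stop matching. Keeping the physical-NIC allow list unchanged is the point of scoping this way: only the tunnel endpoints leave the machine in the clear, and everything else has to ride inside the VPN.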