Cisco Cisco AnyConnect Secure Mobility Client v2.x Troubleshooting Guide
Remove HTTP commands on that interface so that the ASA will not listen to HTTP
connections on the interface.
connections on the interface.
●
Remove the SSL trustpoint on the interface.
●
Enable IKEV2 client-services.
●
Enable WebVPN on the interface.
●
This issue is resolved by Cisco bug ID
Caution: The same problem exists for Cisco IOS
®
routers. If ip http server is enabled on
Cisco IOS, which is required if the same box is used as the PKI Server, AnyConnect falsely
detects captive portal. The workaround is to use ip http access-class in order to stop
responses to AnyConnect HTTP requests, instead of requesting authentication.
detects captive portal. The workaround is to use ip http access-class in order to stop
responses to AnyConnect HTTP requests, instead of requesting authentication.
Disable the Captive Portal Feature
It is possible to disable the captive portal feature in AnyConnect client version 4.2.00096 and later
(see Cisco bug ID
(see Cisco bug ID
configurable or disabled. This option is available under the Preferences (Part 1) section in the
profile editor. The administrator can choose Disable Captive Portal Detection or User
Controllable as shown in this profile editor snapshot:
profile editor. The administrator can choose Disable Captive Portal Detection or User
Controllable as shown in this profile editor snapshot:
If User controllable is checked, the checkbox appears on the Preferences tab of the AnyConnect
Secure Mobility Client UI as shown here:
Secure Mobility Client UI as shown here: