A developer is using Cisco AnyConnect to connect through a VPN to the DevNet Sandbox. Which AnyConnect preference would cause the connection to fail?
- Block Untrusted Connections
- Certificate Store Override
- Local Lan Access
- Use Start Before Login
Block Untrusted Connections:
- This preference enforces strict adherence to certificate validation policies.
- When enabled, AnyConnect will block connections to VPN servers that do not present a valid, trusted certificate.
- In a development or sandbox environment like the DevNet Sandbox, certificates may not always be signed by a trusted Certificate Authority (CA), leading to connections being blocked if this setting is enabled.
- This setting is crucial for ensuring security in production environments but can be problematic in development environments where certificate management is less stringent.
Certificate Store Override:
- This setting allows AnyConnect to use certificates from the machine’s certificate store instead of the user’s certificate store.
- It generally doesn’t impact the ability to connect unless there is a misconfiguration in certificate management between the user and machine stores.
Local LAN Access:
- This preference allows local network access while connected to the VPN.
- Enabling or disabling this typically doesn’t affect the ability to connect to the VPN itself but rather affects the access to local network resources while connected.
Use Start Before Login:
- This setting allows the VPN connection to be established before the user logs into the computer.
- It is useful for ensuring that domain policies and other login scripts can run over the VPN but does not usually impact the basic connectivity to the VPN.
In summary, “Block Untrusted Connections” is the most likely setting to cause a connection failure in a development environment due to potential issues with certificate trust.