Cisco AnyConnect connections fail with Endpoint Protection Web Traffic Redirection
Last Updated February 28, 2019
Cisco AnyConnect Secure Mobility Client SSL VPN connections fail when connecting through the Symantec Endpoint Protection (SEP) client Web Traffic Redirection (WTR).
The default policy used by the Cisco AnyConnect client does not allow connections through loopback proxies such as the SEP WTR Local Proxy Service (LPS).
There are multiple solutions for this problem. The solution you choose to implement will depend on your organization's policies and preferences. To allow Cisco AnyConnect VPN clients to connect on computers running SEP WTR, do one of the following:
Configure the Cisco AnyConnect VPN client to connect directly to the VPN concentrator without using the SEP LPS proxy service.
Configure the Cisco AnyConnect VPN client to allow connections over a loopback proxy.
Note: Contact Cisco support if you require assistance configuring your Cisco AnyConnect policies.
Configure AnyConnect to bypass the WSS proxy
Ensure your Cisco AnyConnect client policy is configured to ignore system proxy settings. The policy should include the following:
Configure AnyConnect to allow loopback proxy connections
Ensure your Cisco AnyConnect client's policy allows VPN connections over localhost proxy connections. The policy should include the following:
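To confirm which of the two options a deployed client profile implements, the following added example (not part of the original article and not Cisco or Symantec tooling) audits an AnyConnect profile XML file. It assumes the profile element names ProxySettings (with the value IgnoreProxy) and AllowLocalProxyConnections from the AnyConnect client profile schema, which this article does not itself list; the sample profiles are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Assumed element names from the AnyConnect client profile schema
# (not listed in this article).
WATCHED = ("ProxySettings", "AllowLocalProxyConnections")

def _wrap(body):
    # Constructed minimal profile for demonstration only.
    return ('<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/">'
            f"<ClientInitialization>{body}</ClientInitialization>"
            "</AnyConnectProfile>")

SAMPLE_BYPASS = _wrap("<ProxySettings>IgnoreProxy</ProxySettings>")
SAMPLE_LOOPBACK = _wrap(
    "<ProxySettings>Native</ProxySettings>"
    '<AllowLocalProxyConnections UserControllable="false">true'
    "</AllowLocalProxyConnections>")
SAMPLE_NEITHER = _wrap("<AutoReconnect>true</AutoReconnect>")

def read_settings(xml_text):
    """Return the watched settings found in a profile, namespace-agnostic."""
    found = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]  # strip "{namespace}" prefix
        if name in WATCHED:
            found[name] = (el.text or "").strip().lower()
    return found

def classify(xml_text):
    """Map a profile to the option from this article that it implements."""
    s = read_settings(xml_text)
    if s.get("ProxySettings") == "ignoreproxy":
        return "bypass-proxy"            # connects directly, skips the LPS
    if s.get("AllowLocalProxyConnections") == "true":
        return "allow-loopback-proxy"    # VPN permitted through the LPS
    return "neither-configured"          # client default behaviour applies

if __name__ == "__main__":
    # Usage: python check_profile.py <profile.xml>
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```

A result of neither-configured means the profile sets neither option explicitly, so the connection outcome through the SEP LPS depends on the client's default behaviour.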