- 
				ICHAPMAN
- Novice
- Posts: 6
- Liked: 4 times
- Joined: Jun 09, 2011 1:50 pm
- Full Name: Iain Chapman
- Contact:
V3 - Restrict VPN connections and Cisco AnyConnect
Hi,
I've updated the latest V3 product mainly in the hope that I could 'control' it better when using a VPN connection.
After upgrading I've activated the "Restrict VPN connections usage" option, thinking that when I was using a VPN connection no backup would run. Yet when using our Cisco AnyConnect VPN service, my backup continues to take place just as it did in the V2 product.
Is my understanding of the "Restrict VPN connections usage" wrong?. Should this option be able to detect a VPN when using Cisco AnyConnect?.
Thank you
Iain .
			
			
									
						
										
						I've updated the latest V3 product mainly in the hope that I could 'control' it better when using a VPN connection.
After upgrading I've activated the "Restrict VPN connections usage" option, thinking that when I was using a VPN connection no backup would run. Yet when using our Cisco AnyConnect VPN service, my backup continues to take place just as it did in the V2 product.
Is my understanding of the "Restrict VPN connections usage" wrong?. Should this option be able to detect a VPN when using Cisco AnyConnect?.
Thank you
Iain .
- 
				HannesK
- Product Manager
- Posts: 15593
- Liked: 3439 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello,
Let me check how we detect VPN connections and whether it would help to create a support case.
As a workaround my customers used in the past: they just did not allow connections the backup-server in the VPN configuration or added a rule in the windows firewall.
Best regards,
Hannes
			
			
									
						
										
						Let me check how we detect VPN connections and whether it would help to create a support case.
As a workaround my customers used in the past: they just did not allow connections the backup-server in the VPN configuration or added a rule in the windows firewall.
Best regards,
Hannes
- 
				ICHAPMAN
- Novice
- Posts: 6
- Liked: 4 times
- Joined: Jun 09, 2011 1:50 pm
- Full Name: Iain Chapman
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello Hannes,
Thank you for the reply. We have also previously blocked access to the IP of the backup unit to work around this issue. I was just hoping that this would be a better solution, which would perhaps prevent the "failed" backup notice that we currently experience in this situation.
Thanks
Iain.
			
			
									
						
										
						Thank you for the reply. We have also previously blocked access to the IP of the backup unit to work around this issue. I was just hoping that this would be a better solution, which would perhaps prevent the "failed" backup notice that we currently experience in this situation.
Thanks
Iain.
- 
				Dima P.
- Product Manager
- Posts: 14941
- Liked: 1831 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello Iain,
I am afraid some implementations of VPN wont work as we mostly reply on MS Windows APIs to detect if that's VPN or not . To be absolutely sure I'll check it with RnD team and update this thread with investigation results. Thank!
			
			
									
						
										
						I am afraid some implementations of VPN wont work as we mostly reply on MS Windows APIs to detect if that's VPN or not . To be absolutely sure I'll check it with RnD team and update this thread with investigation results. Thank!
- 
				Gostev
- Chief Product Officer
- Posts: 32746
- Liked: 7962 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Dima, if this is confirmed - let's consider detecting top 3 market-leading corporate VPN implementations, such as Cisco AnyConnect. Otherwise, this whole feature is going to be quite useless for the majority of customers. Thanks!
			
			
									
						
										
						- 
				wayne7215
- Influencer
- Posts: 23
- Liked: 7 times
- Joined: Oct 07, 2016 8:37 am
- Location: Switzerland
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
OMG! We waited as well until V3 and get this "Restrict VPN connections usage" functionality, but hey, who the hell is using the Microsoft VPN? In our case it's Fortinet, so do we have to wait until V7 to get such a basic function, no backup through WAN connections?   
 
Most important Veeam is changing the license model to Instances to earn more money, sometimes it would also be nice to get the product improved
			
			
									
						
										
						 
 Most important Veeam is changing the license model to Instances to earn more money, sometimes it would also be nice to get the product improved

- 
				Dima P.
- Product Manager
- Posts: 14941
- Liked: 1831 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
I was not correct with my last post, sorry for that. We perform a check of assigned NIC, specifically - Network Interface Type. Based on the check result we detect if that's VPN connection or not.
If you see that your VPN is not being detected (backup job works when you are connected over VPN despite 'Restrict VPN connections usage' being checked) please:
1. Open a support case and share the case ID as we want to be completely sure about the root cause of your issue and most likely we will need debug logs anyway.
2. Name your VPN client
3. If possible execute the following PowerShell script on the affected machine and share the output
			
			
									
						
										
						If you see that your VPN is not being detected (backup job works when you are connected over VPN despite 'Restrict VPN connections usage' being checked) please:
1. Open a support case and share the case ID as we want to be completely sure about the root cause of your issue and most likely we will need debug logs anyway.
2. Name your VPN client
3. If possible execute the following PowerShell script on the affected machine and share the output
Code: Select all
[System.Net.NetworkInformation.NetworkInterface]::GetAllNetworkInterfaces() | ? {$_.name -eq “InterfaceName”} | Select -Property NetworkInterfaceType- 
				Gostev
- Chief Product Officer
- Posts: 32746
- Liked: 7962 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
This is somehow the biggest misconception about U4. License model did not change, nor subscription pricing - which remained the same as when it was first introduced a few years ago. The ONLY change is how license counters look (and the fact that instance license file is portable and can be used with any Veeam product).
- 
				ICHAPMAN
- Novice
- Posts: 6
- Liked: 4 times
- Joined: Jun 09, 2011 1:50 pm
- Full Name: Iain Chapman
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello Gostav / Dima P,
Sorry to come back to this older conversation.
As you suggest I have now opened a support case to advise that 3.0.2.1170 still backups up over a VPN connection when used with the Cisco AnyConnect client. This is case number 03833172.
I could now workout the Powershell command that you posted, but below is the information that I believe you were looking for:
Id : {D59E37A7-FD27-4203-8955-0792A57EBCE4}
Name : Ethernet 2
Description : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
NetworkInterfaceType : Ethernet
OperationalStatus : Up
Speed : 862366500
IsReceiveOnly : False
SupportsMulticast : True
I have included this with the support case.
Hopefully this can help you blocked backups from occurring when the Cisco AnyConnect VPN client is used in a later release.
Thank you
Iain
			
			
									
						
										
						Sorry to come back to this older conversation.
As you suggest I have now opened a support case to advise that 3.0.2.1170 still backups up over a VPN connection when used with the Cisco AnyConnect client. This is case number 03833172.
I could now workout the Powershell command that you posted, but below is the information that I believe you were looking for:
Id : {D59E37A7-FD27-4203-8955-0792A57EBCE4}
Name : Ethernet 2
Description : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
NetworkInterfaceType : Ethernet
OperationalStatus : Up
Speed : 862366500
IsReceiveOnly : False
SupportsMulticast : True
I have included this with the support case.
Hopefully this can help you blocked backups from occurring when the Cisco AnyConnect VPN client is used in a later release.
Thank you
Iain
- 
				Dima P.
- Product Manager
- Posts: 14941
- Liked: 1831 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello Iain,
Thank you for sharing the results. I've added your notes to the improvement request to support Cisco AnyConnect VPN. Cheers!
			
			
									
						
										
						Thank you for sharing the results. I've added your notes to the improvement request to support Cisco AnyConnect VPN. Cheers!
- 
				ICHAPMAN
- Novice
- Posts: 6
- Liked: 4 times
- Joined: Jun 09, 2011 1:50 pm
- Full Name: Iain Chapman
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hi,
Coming back to this topic - does the V4 product include any better support for other VPN adaptors - such as Cisco AnyConnect?.
Thanks
Iain
			
			
									
						
										
						Coming back to this topic - does the V4 product include any better support for other VPN adaptors - such as Cisco AnyConnect?.
Thanks
Iain
- 
				Egor Yakovlev
- Product Manager
- Posts: 2632
- Liked: 752 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hi Iain,
Additional VPN providers(including Cisco AnyConnect) will be added to "VPN detection engine" in the next agent version(VAW v5).
Thanks!
			
			
									
						
										
						Additional VPN providers(including Cisco AnyConnect) will be added to "VPN detection engine" in the next agent version(VAW v5).
Thanks!
- 
				NightBird
- Veteran
- Posts: 269
- Liked: 59 times
- Joined: Apr 28, 2009 8:33 am
- Location: Strasbourg, FRANCE
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hello,
I think the main vendors should be added, Cisco, Pulse Secure, Fortinet
			
			
									
						
										
						I think the main vendors should be added, Cisco, Pulse Secure, Fortinet
- 
				ICHAPMAN
- Novice
- Posts: 6
- Liked: 4 times
- Joined: Jun 09, 2011 1:50 pm
- Full Name: Iain Chapman
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Hi Egor,
Thanks for the reply.
Given that v4 was only released in February 2020 - should I assume that any v5 release won't be before fiscal Q4 2021?
Thanks
Iain
			
			
									
						
										
						Thanks for the reply.
Given that v4 was only released in February 2020 - should I assume that any v5 release won't be before fiscal Q4 2021?
Thanks
Iain
- 
				Egor Yakovlev
- Product Manager
- Posts: 2632
- Liked: 752 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Cannot estimate release date. It will be out "When it is ready"(c).
/Cheers!
			
			
									
						
										
						/Cheers!
- 
				Gostev
- Chief Product Officer
- Posts: 32746
- Liked: 7962 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
Our major release cadence is annual, so more like Q4 2020 / Q1 2021.
			
			
									
						
										
						- 
				andrie
- Service Provider
- Posts: 30
- Liked: 8 times
- Joined: Nov 20, 2015 12:37 pm
- Full Name: Andy
- Contact:
Re: V3 - Restrict VPN connections and Cisco AnyConnect
This is probably one of the bigger problems now when everyone is working from home. We are blocking the ports used by the agent on our firewall to prevent the backups blocking the company's internet connection.
We are using the Sophos SSL client, which is just a rebranded OpenSSL VPN client.
			
			
									
						
										
						We are using the Sophos SSL client, which is just a rebranded OpenSSL VPN client.
Who is online
Users browsing this forum: Amazon [Bot], Bing [Bot] and 9 guests