NPA Internet Access Issues

  • 1 August 2023
  • 4 replies

Badge +1

I'm doing a deploy of NPA across my environment and hitting a series of snags. 


The issue seems to be related to my Mac users having issues with DNS resolution or pages loading failures.  These are largely my SaaS based SSO apps but they can be anything.  We are using Duo Security for MFA but that has been added as an exception.  The problem is intermittent.  Some users experience it all the time, I only experience it periodically though it used to be all the time for me too.  All users are in the same Steering Configuration.  


We are all using MacOS Ventura so this may be related to the bug from last year.  


Best answer by clnicholson 16 October 2023, 19:00

View original

4 replies

Badge +15

@clnicholson ask your account SE to enable one of our controlled-access features for handling DoX. It has solved multiple NPA related issues relating to Mac's insistence on using DOH. 

Badge +1

Finally solved it.  We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed.  Turns out that version of AnyConnect had a known defect.  Since we had not fully pushed NPA, we hadn't removed the client.  I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users.  I'm working on how we can resolve that.  

Badge +15

@clnicholson glad to hear it. If you don't mind, what was the version of AnyConnect with the defect? Would be good to know in case anyone runs across it in the future.

Badge +1

Version 4.10.04065.  I've also just become aware that it's affecting OpenVPN clients.  Support has a ticket for that.