Ask the community

NPA Internet Access Issues

clnicholson
New Contributor II

I'm doing a deploy of NPA across my environment and hitting a series of snags. 

 

The issue seems to be related to my Mac users having issues with DNS resolution or pages loading failures.  These are largely my SaaS based SSO apps but they can be anything.  We are using Duo Security for MFA but that has been added as an exception.  The problem is intermittent.  Some users experience it all the time, I only experience it periodically though it used to be all the time for me too.  All users are in the same Steering Configuration.  

 

We are all using MacOS Ventura so this may be related to the bug from last year.  

1 Solution
clnicholson
New Contributor II

Finally solved it.  We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed.  Turns out that version of AnyConnect had a known defect.  Since we had not fully pushed NPA, we hadn't removed the client.  I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users.  I'm working on how we can resolve that.  

View solution in original post

4 Replies 4
ryans
Netskope
Netskope

@clnicholson ask your account SE to enable one of our controlled-access features for handling DoX. It has solved multiple NPA related issues relating to Mac's insistence on using DOH. 

clnicholson
New Contributor II

Finally solved it.  We discovered that our current VPN client was causing TCP resets when it wasn't active, just installed.  Turns out that version of AnyConnect had a known defect.  Since we had not fully pushed NPA, we hadn't removed the client.  I've also observed the issue with OpenVPN which we'll have to keep around to support other folks, Mac and Windows users.  I'm working on how we can resolve that.  

ryans
Netskope
Netskope

@clnicholson glad to hear it. If you don't mind, what was the version of AnyConnect with the defect? Would be good to know in case anyone runs across it in the future.

clnicholson
New Contributor II

Version 4.10.04065.  I've also just become aware that it's affecting OpenVPN clients.  Support has a ticket for that.  

Subscribe

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In