Yes, there are several fixes you can try to restore internet access when Cisco AnyConnect can’t access the internet.
If you’re reading this, you’re probably staring at a disconnected browser window while your VPN shows a connected status. Let’s fix it step by step, with practical, real-life checks you can do today. And if you want extra security while you troubleshoot, consider checking out NordVPN—it’s easy to use as a fallback, and you can see the badge below. 
Useful resources text only:
– Cisco AnyConnect official support – cisco.com
– AnyConnect Secure Mobility Client – en.wikipedia.org/wiki/VPN
– DNS basics for troubleshooting – en.wikipedia.org/wiki/Domain_Name_System
– Windows network reset commands – support.microsoft.com
– macOS network diagnostics – support.apple.com
Introduction: what you’ll learn
– Quick fixes you can apply in minutes to get back online
– Why VPNs can cut off internet access and how to fix both DNS and routing issues
– How to adjust AnyConnect settings for split tunnel or full tunnel scenarios
– Specific steps for Windows and macOS, plus common home-network tweaks
– A thorough FAQ with 10+ practical questions and answers
If you’re new to Cisco AnyConnect, a quick orientation: the “internet access” problem usually isn’t the VPN server being down. It’s most often about how traffic is routed once you’re connected, how DNS is resolved while the tunnel is active, or a local conflict with firewall rules, proxies, or IPv6 settings. With the right sequence, you can usually restore normal browsing within 10–20 minutes.
Body
1 Quick checks before you dig deeper
– Confirm the basics
– Disconnect, then reconnect the AnyConnect session.
– Temporarily disable any third-party security software/firewalls to see if they’re blocking traffic while the VPN is connected. Re-enable after testing.
– Try accessing a non-HTTPS site http to rule out SSL-specific issues.
– Test with VPN off
– Open a web browser with the VPN disconnected and see if you can reach the internet normally. If you can, the problem is specific to the VPN tunnel, not your general network.
– Test with another device
– If possible, connect a different computer or mobile device to the same VPN server. If the other device has internet through the VPN, the issue is likely local to your original device settings, DNS cache, firewall, etc..
– Check the status page or internal IT notices
– Some VPN setups show advisories for server maintenance or outages. If the server you’re connected to is down or misconfigured, you might see intermittent connectivity.
2 Check and adjust tunnel behavior
– Use default gateway on remote network full tunnel vs split tunneling
– Full tunnel Use default gateway on remote network means all traffic passes through the VPN. If DNS or gateway settings are off, you’ll lose internet access when connected.
– Split tunneling allows only corporate traffic through the VPN while regular internet traffic uses your local network. If your admin has disabled split tunneling, you may need to adapt expectations or contact IT for a policy change.
– How to adjust in the client
– In Cisco AnyConnect, look for connection or advanced options, and check whether the “Use default gateway on remote network” option is enabled. If you don’t see this option, it might be controlled by the VPN profile from your IT department.
– If you’re allowed, switching between split tunneling and full tunneling can help identify where the issue lies.
– Quick mental model
– If you can reach internal resources like intranet pages but cannot browse the public internet, your DNS or gateway is likely misconfigured for the tunnel. If you can’t reach intranet resources either, it could be a broader VPN connection issue.
3 DNS and name resolution
– Flush DNS cache
– Windows: open Command Prompt as Admin and run ipconfig /flushdns
– macOS: in Terminal, run sudo dscacheutil -flushcache. sudo killall -HUP mDNSResponder
– Change DNS servers
– Set your device to use a public DNS for troubleshooting: 8.8.8.8 and 8.8.4.4 Google or 1.1.1.1 and 1.0.0.1 Cloudflare/1.1.1.1.
– Avoid relying on the VPN’s DNS servers if they’re slow or misbehaving.
– Verify DNS leakage and resolution
– After connecting, run nslookup google.com to see which DNS server is answering. If it’s your local ISP’s or a VPN’s DNS, that might indicate a tunnel misconfiguration. You want to see the VPN or your chosen public DNS for resolution.
– Test with a known IP
– Try pinging 1.1.1.1 or 8.8.8.8. If ping works but domain lookup fails, it’s DNS-related. If ping fails, it’s a broader routing issue.
4 IPv6 considerations
– Disable IPv6 on the VPN adapter temporary test
– Some VPN configurations don’t handle IPv6 well, leading to DNS or route issues.
– Windows: Network Connections > Right-click the Cisco AnyConnect adapter > Properties > uncheck Internet Protocol Version 6 IPv6
– macOS: System Preferences > Network > Advanced > TCP/IP > Configure IPv6: Off
– Re-test internet access with IPv6 disabled
– If it works after disabling IPv6, you can leave IPv6 off temporarily and check with your IT team for a proper IPv6-enabled configuration.
5 Network adapter and routing sanity checks
– Ensure the VPN adapter is enabled
– Open your network connections Windows or Network Preferences macOS and confirm the Cisco AnyConnect VPN adapters are enabled and not labeled as disabled or blocked by the OS.
– Reset network stack Windows
– Open Command Prompt as Admin and run:
– netsh winsock reset
– netsh int ip reset
– Reboot and try again.
– Renew IP address for VPN adapter
– Windows: ipconfig /release followed by ipconfig /renew in the Command Prompt Admin
– Check for conflicting VPN software
– If you have multiple VPN clients installed, they can clash. Uninstall other VPN clients temporarily to test.
6 Firewall, antivirus, and security software
– Temporarily disable firewall/antivirus
– Some security suites add strict rules for VPN traffic. Temporarily disable to test.
– If internet returns with the security software off, add an exception for Cisco AnyConnect in the firewall and re-enable protection.
– Check Windows Defender Firewall rules
– Ensure that Cisco AnyConnect is allowed to communicate on both private and public networks.
– Consider a policy conflict with antivirus web protection
– Some AVs block VPN tunnels or restrict DNS requests. Look for VPN-related exceptions or temporarily disable the web protection module.
7 Check the VPN profile and server
– Confirm the server address is correct
– A typo or a deprecated server can cause failures to route traffic properly.
– Reinstall or update the AnyConnect client
– Always use the latest version supported by your organization. If you’re on an older version, bugs could cause internet access problems.
– Re-import the VPN profile
– If your organization distributes a profile file XML or JSON, re-import it to ensure you have the correct routing rules and DNS settings.
– Check certificate validity
– If your device shows a certificate trust issue, you may connect to the VPN but fail to route traffic. Import the correct root certificates if your IT team has distributed them.
8 Common home-network issues and fixes
– Router issues after VPN connect
– Some home routers don’t handle VPN traffic well, especially if they have parental controls or QoS rules. Reboot the router and test direct device connectivity without the router’s extra features.
– Modem and NAT considerations
– If you’re behind a double NAT scenario or CGNAT, some VPN setups can behave oddly. A bridge mode on a modem or a simple single-NAT setup often helps.
– Internet connectivity outside VPN
– If you can’t browse the outside internet even when the VPN is disconnected, the issue lies with your local network or ISP modem, router, or service outage. Contact your ISP if needed.
9 Windows vs macOS specifics
– Windows users
– Ensure you’re running as Administrator when making network changes or installing updates.
– Use the built-in Network Troubleshooter to catch obvious misconfigurations.
– If you’re on Windows 11/10, check for pending Windows updates. network-related fixes are often included.
– macOS users
– Reset the network preferences if you suspect conflicts.
– Remove and re-add the VPN profile. macOS can hold onto old route tables that confuse the tunnel.
– If the built-in VPN client behavior feels different from Windows, verify the server’s support notes for macOS-specific steps.
10 When to contact IT or your VPN administrator
– If your organization uses a strict full-tunnel policy, and you still can’t access the internet after adjustments, there may be a server-side issue or misconfigured routing on the VPN gateway.
– If you consistently see DNS resolution failures or TLS certificate errors, your admin may need to push updated profiles or root certificates.
– If other employees report similar problems, it’s likely a server or policy change that IT needs to address.
11 Best-practice tips for long-term reliability
– Keep the VPN client updated
– Regular updates fix bugs, improve compatibility, and patch security issues that can otherwise disrupt internet access.
– Document your troubleshooting steps
– A short notebook of what you tried and the outcomes helps IT support replicate and resolve quickly if you’re in a corporate environment.
– Use split tunneling when appropriate
– For personal devices, split tunneling can help you keep local internet access while staying protected for corporate resources. In a business setting, follow policy guidance from IT.
– Consider a fallback plan
– If you rely on VPN for work, keep a secondary secure connection like a trusted personal VPN as a backup, especially when you’re troubleshooting or traveling.
– Optimize DNS posture
– Use a fast, private DNS for both VPN and local use, and avoid unstable, slow resolvers. This can improve reliability and reduce DNS-related outages.
– Check your network path regularly
– Tools like traceroute tracert on Windows, traceroute on macOS can help identify where in the path the traffic is stalling, whether in your device, router, or the VPN gateway.
12 Quick-tech recap checklist
– Internet works when VPN is disconnected
– VPN is configured for the desired tunnel mode split vs full
– DNS is clean flush + alternative DNS servers
– IPv6 is tested off if necessary
– VPN adapter is enabled and healthy
– TCP/IP stack reset performed if needed
– Firewall/AV rules allow VPN traffic
– VPN client and profile are up to date
– No conflicting VPN software installed
– Server status or IT notices checked
Frequently Asked Questions
Frequently Asked Questions
# Why does Cisco AnyConnect sometimes block internet access even though I’m connected?
Often this happens due to DNS misconfiguration, full-tunnel routing, IPv6 issues, or local firewall rules that block VPN traffic. It can also occur if the VPN server pushes a profile with restrictive routing or if a conflicting VPN client is installed.
# Should I use split tunneling or full tunnel for home use?
Split tunneling is convenient for preserving local internet access, but in corporate environments, IT may require full tunneling for security and compliance. Check policy guidance from your IT team before changing this setting.
# How do I know if my DNS is the problem?
If you can reach IP addresses like pinging 1.1.1.1 but can’t resolve domain names google.com, you likely have a DNS issue. Flushing DNS and switching to a stable DNS server can help.
# How do I reset the TCP/IP stack on Windows?
Open Command Prompt as Administrator and run:
– netsh int ip reset
– netsh winsock reset
Then reboot your computer.
# Can IPv6 cause VPN issues?
Yes. Some VPN configurations aren’t compatible with IPv6, causing DNS or routing problems. Temporarily disabling IPv6 on the VPN adapter can help identify the issue.
# Do I need to reinstall Cisco AnyConnect?
If the problem persists after all other checks, reinstalling the client can fix corrupted files or misconfigurations. Ensure you have the latest version and your profile details ready.
# How can I test if the VPN server is the problem?
Try connecting to a different server if your VPN client supports multiple endpoints. If another server works, the original server may be misconfigured or overloaded.
# What should I do if my corporate network requires full tunneling but it blocks internet?
Contact your IT department to verify that the server is correctly configured for full tunneling and that there are no firewall blocks or DNS misconfigurations affecting public internet access.
# Is there a quick troubleshooting flow I can follow?
Yes. Start by confirming internet works without VPN, then test with VPN on and off, flush DNS, test with alternative DNS, disable IPv6 temporarily, reset the network stack if needed, and check firewall/AV rules. If the problem persists, update or reinstall the client and consult IT.
# Can a VPN cause slow internet even when it’s connected?
Absolutely. VPNs can introduce overhead due to encryption, longer routes, or server congestion. If you notice persistent slowness, test with a nearby server, switch protocols if your client allows, or consult IT about server load and routing.
Note: This content is intended to be a practical, user-focused guide. If you’re working in an organizational environment, many steps depend on your IT policy and the VPN profile provided by your administrator. For ongoing protection and a smoother experience, keeping your VPN client updated and working with your IT team to tailor the profile for your network is key.