The small company that I am working for has run into a couple of end users that are raising cybersecurity concerns and now need to force an always on VPN to mitigate this.

This is where the caveat comes in; there are two users that we cannot force to have an always on VPN with for numerous reasons, the first being they own the company and often vacation to an area without any sort of internet access.

That being said, of our three person IT team, none of us are too familiar with Cisco’s ASA and could really use some help.

Our setup: Cisco ASA with Firepower module with ASA version 9.14(2)15 and ADSM with a version of 7.15(1)150.

VPN is configured already through AnyConnect and is functional however does not force an always on VPN. No AD/LDAP integration.

Currently have Active Directory on a windows server (2022).

Question: How do I go about forcing on a VPN for all users except 2?