Remote VPN Default Gateway

Unanswered Question
Feb 21st, 2008
User Badges:

I have an ASA 5510 terminating a remote access VPN using Cisco VPN client 4 and 5. Recently I have been advised that users are having trouble accessing network shares and I have found that the default gateway assigned to remote clients is invalid. The address pool for remote clients is x.x.1.235 - x.x.1.250. When I connect to the VPN and do an ipconfig I get a default-gateway of x.x.0.1. This address is part of our network but is a server and not a router. I am unable to find a command to set the default-gateway for remote access clients. Once I manually change the default-gateway everything seems to work. The problem is that users do not have admin rights to their PCs so are unable to change the default gateway. Where is this default-gateway being assigned to the address pool and how do I specify what default-gateway remote client should receive?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
DrD3m3nt0 Thu, 02/21/2008 - 21:28
User Badges:

Use of split-tunneling should fix your problem.

Create an acl to specify VPN networks:

access-list networks_accessible_VPN standard permit x.x.x.x mask (vpn networks)

Use your VPN similar to below and add split tunnel functionality using the above acl:

group-policy remote_vpn_users attributes

banner none

split-tunnel-policy tunnelspecified

split-tunnel-network-list value networks_accessible_VPN

Traffic in the above acl will be encrypted and use the VPN tunnel.

All traffic will use your default gateway unencrypted and unaffected by tunnel traffic.

itcarefree Tue, 02/26/2008 - 09:26
User Badges:

That seemed to fix the problem. Thank you for your help

johnd2310 Mon, 02/25/2008 - 20:58
User Badges:
  • Silver, 250 points or more


When you do an ipconfig on the client, how many adapters and how many default gateways do you have? Do you have a default gateway for the cisco vpn adapter and the ethernet adapter?




This Discussion