Remote VPN Default Gateway

itcarefree
Level 1

I have an ASA 5510 terminating a remote access VPN using Cisco VPN client 4 and 5. Recently I have been advised that users are having trouble accessing network shares and I have found that the default gateway assigned to remote clients is invalid. The address pool for remote clients is x.x.1.235 - x.x.1.250. When I connect to the VPN and do an ipconfig I get a default gateway of x.x.0.1. This address is part of our network but is a server and not a router. I am unable to find a command to set the default gateway for remote access clients. Once I manually change the default gateway everything seems to work. The problem is that users do not have admin rights to their PCs so are unable to change the default gateway. Where is this default gateway being assigned to the address pool and how do I specify what default gateway remote clients should receive?


DrD3m3nt0
Level 1

Use of split-tunneling should fix your problem.

Create an ACL to specify VPN networks:

```
access-list networks_accessible_VPN standard permit x.x.x.x mask (vpn networks)
```

Use your VPN similar to below and add split tunnel functionality using the above ACL:

```
group-policy remote_vpn_users attributes
 banner none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value networks_accessible_VPN
```

Traffic in the above ACL will be encrypted and use the VPN tunnel.

All traffic will use your default gateway unencrypted and unaffected by tunnel traffic.

That seemed to fix the problem. Thank you for your help.
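
An added example, not part of the original thread and not Cisco tooling: a small Python check that reads ASA configuration text and reports, for each group-policy, which networks a `tunnelspecified` policy sends through the tunnel, so an undefined or overly wide split-tunnel list is visible before clients connect. The sample config, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample config; the addresses are made up for this example.
SAMPLE_CONFIG = """\
access-list networks_accessible_VPN standard permit 10.10.0.0 255.255.254.0
group-policy remote_vpn_users attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value networks_accessible_VPN
group-policy kiosk attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value missing_acl
group-policy admins attributes
 split-tunnel-policy tunnelall
"""

def parse_acls(config):
    """Map each standard ACL name to the networks it permits, in CIDR form."""
    acls = {}
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) standard permit (\S+)(?: (\S+))?$", line.strip())
        if m:  # forms: "<network> <mask>", "host <address>", "any"
            name, a, b = m.groups()
            spec = {"any": "0.0.0.0/0", "any4": "0.0.0.0/0", "host": b}.get(a, f"{a}/{b}")
            acls.setdefault(name, []).append(str(ipaddress.ip_network(spec, strict=False)))
    return acls

def audit_split_tunnel(config):
    """Return {group-policy name: verdict} for the policies in the config."""
    acls, policies, current = parse_acls(config), {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["group-policy"] and words[2:3] == ["attributes"]:
            current = policies.setdefault(words[1], {})
        elif not line.startswith(" "):
            current = None  # left the attributes sub-mode
        elif current is not None and len(words) >= 2:
            current[words[0]] = words[-1]  # e.g. split-tunnel-policy -> tunnelspecified
    report = {}
    for name, p in policies.items():
        acl = p.get("split-tunnel-network-list")
        if p.get("split-tunnel-policy") != "tunnelspecified":
            report[name] = "not split: " + p.get("split-tunnel-policy", "unset")
        elif acl not in acls:
            report[name] = "split-tunnel list undefined"
        else:
            report[name] = "tunnels only: " + ", ".join(acls[acl])
    return report
```

A result of `tunnels only: 0.0.0.0/0` means the list permits `any`, so the policy is split tunnel in name only.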

johnd2310
Level 8

Hi,

When you do an ipconfig on the client, how many adapters and how many default gateways do you have? Do you have a default gateway for the Cisco VPN adapter and the Ethernet adapter?

Thanks

John

**Please rate posts you find helpful**