AnyConnect and default gateway

Unanswered Question
Sep 28th, 2008

Hi,

I'm using the AnyConnect client version 2.1 on a bunch of Windows XP workstations. My problem is that after a successful connect to my ASA 5505, the default gateway that I set disappears after about 30 seconds. So basically, everything works for half a minute, but without a default gateway nothing will work (obviously).


The output of ipconfig /all:

IP Address. . . . : 192.168.1.242

Subnet Mask . . . . . : 255.255.255.0

Default Gateway . . . . : 192.168.1.1

DNS Servers . . . . . . . : 192.168.1.4


Then after a while (no default gateway):

IP Address. . . . : 192.168.1.242

Subnet Mask . . . . . : 255.255.255.0

Default Gateway . . . . :

DNS Servers . . . . . . . : 192.168.1.4

Marwan ALshawi Sun, 09/28/2008 - 03:02
Do you have split tunneling configured on the ASA for AnyConnect VPN?

robbhanMid Sun, 09/28/2008 - 08:06
I think so. I don't have access to the asa right now so I can't tell for sure.

In what way does it matter?

Marwan ALshawi Sun, 09/28/2008 - 16:18
If you don't have it, all traffic from your computer will go through the VPN tunnel.

If you have it, you can decide which traffic should be tunneled, and anything else uses the normal computer settings. Try it and let me know if it is the cause!

robbhanMid Tue, 09/30/2008 - 00:35
Thanks for your reply.

Is the split tunneling a client setting on each host, or can I set it in the ASA? Through an IP pool setting, perhaps?


Marwan ALshawi Tue, 09/30/2008 - 08:22
Split tunneling is configured on the ASA.

You use it to specify what traffic should be sent over the VPN tunnel and what should use the PC settings.

For example, if your internal network is 192.168.1.0/24,

you create an ACL that matches this traffic and put it in the webvpn settings in the group-policy as a split tunnel list.

In this case, if the user wants to use the internet and the VPN at the same time,

traffic going to 192.168.0/24 will go through the tunnel and any other traffic will use the PC network settings.

By default all traffic goes over the tunnel!

The following is a simple config:


group-policy svc-client internal

group-policy svc-client attributes

wins-server value 192.168.0.102

dns-server value 192.168.0.102

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split


access-list split standard permit 192.168.0.0 255.255.255.0


The split ACL represents the internal network that the user will send his traffic to as tunneled traffic.


Good luck.

If helpful, rate.
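As an added illustration (not part of the original post and not Cisco code), this Python sketch parses the group-policy and standard ACL above, laid out as `show running-config` prints them with indented sub-commands, and reports whether a destination is tunneled or left to the PC's own routing. The function names and the sample destinations are assumptions made for the example.

```python
import ipaddress
import re

# Constructed sample: the split-tunnel lines from the post above.
ASA_CONFIG = """\
group-policy svc-client internal
group-policy svc-client attributes
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split
access-list split standard permit 192.168.0.0 255.255.255.0
"""

def parse_split_tunnel(config, group):
    """Return (policy, networks) for one group-policy; tunnelall is the default."""
    policy, acl, in_group, nets = "tunnelall", None, False, []
    for line in config.splitlines():
        words = line.split()
        if not words:
            continue
        if not line.startswith(" "):   # top-level command opens or closes the group
            in_group = words[:3] == ["group-policy", group, "attributes"]
        elif in_group and words[0] == "split-tunnel-policy":
            policy = words[1]
        elif in_group and words[:2] == ["split-tunnel-network-list", "value"]:
            acl = words[2]
    for line in config.splitlines():
        m = re.match(r"access-list (\S+) standard permit (\S+) (\S+)$", line.strip())
        if m and m.group(1) == acl:
            host = m.group(2) == "host"
            addr, mask = (m.group(3), "255.255.255.255") if host else m.group(2, 3)
            nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return policy, nets

def route_for(dest, policy, nets):
    """Where the client sends traffic for dest: 'tunnel' or 'local'."""
    if policy == "tunnelall":
        return "tunnel"
    inside = any(ipaddress.ip_address(dest) in n for n in nets)
    if policy == "excludespecified":
        return "local" if inside else "tunnel"
    return "tunnel" if inside else "local"   # tunnelspecified

if __name__ == "__main__":
    policy, nets = parse_split_tunnel(ASA_CONFIG, "svc-client")
    # Constructed destinations: in-list server, off-list LAN host, public address.
    for dest in ("192.168.0.102", "192.168.1.4", "198.51.100.7"):
        print(dest, "->", route_for(dest, policy, nets))
```

Running the same check against the real ACL before rollout shows which internal subnets are missing from the split list and which destinations bypass the tunnel entirely.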

sr2623235 Sun, 10/12/2008 - 07:30
Hi there,


I'm also having a similar kind of problem... As soon as the SSL VPN gets connected, the default gateway to the internet goes away...


Before connection


Ethernet adapter Wireless Network Connection:


Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.1.1.60

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.1.1.254


After Connection


Ethernet adapter Wireless Network Connection:


Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.1.1.60

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :


Ethernet adapter Local Area Connection 2:


Media State . . . . . . . . . . . : Media disconnected


Ethernet adapter Local Area Connection 7:


Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.251.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.251.1


Here you can see that my connection to the internet is 10.1.1.X and the IP that the VPN leases is 192.168.251.x, and you can see that my default gateway to the internet vanishes. I have given tunnelall in the group-policy, and when I am connected I cannot ping or connect to any of the devices that are behind that ASA. Please suggest what to do to correct the problem.


Thanks,

Joe
