cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1868
Views
0
Helpful
6
Replies

AnyConnect and default gateway

robbhanMid
Level 1
Level 1

Hi,

I'm using the AnyConnect client version 2.1 on a bunch of Windows XP workstations. My problem is that after a successful connect to my asa 5505 the default gateway that I set dissapears after about 30 seconds. So basically, everything works for half a minute but without a default gateway, nothing will work (obviously)

The output ipconfig /all :

IP Address. . . . : 192.168.1.242

Subnet Mask . . . . . : 255.255.255.0

Default Gateway . . . . : 192.168.1.1

DNS Servers . . . . . . . : 192.168.1.4

Then after a while (no default gateway):

IP Address. . . . : 192.168.1.242

Subnet Mask . . . . . : 255.255.255.0

Default Gateway . . . . :

DNS Servers . . . . . . . : 192.168.1.4

6 Replies 6

Marwan ALshawi
VIP Alumni
VIP Alumni

do u have siplt tunneling configured on the ASA for anyconnect vpn ?

I think so. I don't have access to the asa right now so I can't tell for sure.

In what way does it matter?

if u dont have it evry thraffic from ur computer will go through the tunnel vpn

if u have it u can decide which traffic should be tunnel and anything elde use the normal computer setting..try it and let me know if it is the cause !!!

Thanx for your reply.

Is the spilt tunneling a client setting on each host or can I set it in the asa. Thru an ip pool setting perhaps?

split tunnel configured on the ASA

u use it to spicify what trafic should be send over the vpn tunnel and what should use the PC seeting

for example if ur internal network is 192.168.1.0/24

u creat an ACL that match this traffic and put it in the wevvpn setting in the group-policy as a split tunnel list

inthis case if the user want to use the internet and the vpn at the same time

traffic going to 192.168.0/24 will go through the tunnel and any other traffic will use the PC network setting

by defualt all traffic goes over the tunnel !!

the folowing simple config:

group-policy svc-client internal

group-policy svc-client attributes

wins-server value 192.168.0.102

dns-server value 192.168.0.102

vpn-tunnel-protocol svc

split-tunnel-policy tunnelspecified

split-tunnel-network-list value split

access-list split standard permit 192.168.0.0 255.255.255.0

the split ACL represent the internal netwrok that the user will send his traffic to it as a tunneled traffic

good luck

if helpful Rate

Hi there,

I'm also having similar kind of problem...as soon as the ssl vpn gets connected the default gateway to the internet goes away...

Before conneciton

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.1.1.60

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.1.1.254

After Connection

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 10.1.1.60

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection 7:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.251.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.251.1

here you can see that my connection to the internet is 10.1.1.X and ip that vpn leases is 192.168.251.x ...and you can see that my defauls gateway to the internet gets vanished...i have given tunnelall in group-policy...and when i am connected i cannot ping or connect to any or devices that are behind that asa...please suggest me what to do correct the problem..

Thanks,

Joe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: