09-28-2008 12:18 AM - edited 03-09-2019 09:34 PM
Hi,
I'm using the AnyConnect client version 2.1 on a bunch of Windows XP workstations. My problem is that after a successful connect to my asa 5505 the default gateway that I set dissapears after about 30 seconds. So basically, everything works for half a minute but without a default gateway, nothing will work (obviously)
The output ipconfig /all :
IP Address. . . . : 192.168.1.242
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . . : 192.168.1.1
DNS Servers . . . . . . . : 192.168.1.4
Then after a while (no default gateway):
IP Address. . . . : 192.168.1.242
Subnet Mask . . . . . : 255.255.255.0
Default Gateway . . . . :
DNS Servers . . . . . . . : 192.168.1.4
09-28-2008 03:02 AM
do u have siplt tunneling configured on the ASA for anyconnect vpn ?
09-28-2008 08:06 AM
I think so. I don't have access to the asa right now so I can't tell for sure.
In what way does it matter?
09-28-2008 04:18 PM
if u dont have it evry thraffic from ur computer will go through the tunnel vpn
if u have it u can decide which traffic should be tunnel and anything elde use the normal computer setting..try it and let me know if it is the cause !!!
09-30-2008 12:35 AM
Thanx for your reply.
Is the spilt tunneling a client setting on each host or can I set it in the asa. Thru an ip pool setting perhaps?
09-30-2008 08:22 AM
split tunnel configured on the ASA
u use it to spicify what trafic should be send over the vpn tunnel and what should use the PC seeting
for example if ur internal network is 192.168.1.0/24
u creat an ACL that match this traffic and put it in the wevvpn setting in the group-policy as a split tunnel list
inthis case if the user want to use the internet and the vpn at the same time
traffic going to 192.168.0/24 will go through the tunnel and any other traffic will use the PC network setting
by defualt all traffic goes over the tunnel !!
the folowing simple config:
group-policy svc-client internal
group-policy svc-client attributes
wins-server value 192.168.0.102
dns-server value 192.168.0.102
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
access-list split standard permit 192.168.0.0 255.255.255.0
the split ACL represent the internal netwrok that the user will send his traffic to it as a tunneled traffic
good luck
if helpful Rate
10-12-2008 07:30 AM
Hi there,
I'm also having similar kind of problem...as soon as the ssl vpn gets connected the default gateway to the internet goes away...
Before conneciton
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.254
After Connection
Ethernet adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.1.1.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Ethernet adapter Local Area Connection 7:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.251.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.251.1
here you can see that my connection to the internet is 10.1.1.X and ip that vpn leases is 192.168.251.x ...and you can see that my defauls gateway to the internet gets vanished...i have given tunnelall in group-policy...and when i am connected i cannot ping or connect to any or devices that are behind that asa...please suggest me what to do correct the problem..
Thanks,
Joe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: