How do I set the default gateway for VPN clients? (ASA5505)

Unanswered Question
Jul 11th, 2010
User Badges:

I have set up several ASA5505's. One using the CLI and the other using ASDM. In both cases no matter what I do, I cannot find a way to configure what the end user client gets for a default gateway.

For example, I set up an IP Pool for, mask: After connecting with the VPN Client (IPSEC or AnyConnect), when I run "ipconfig" at the client, it shows the default gateway to be Yet, (it's a network configuration I inherited. I would not have designed it this way) the actual gateway for that network is (stupid, I admit). Even if I set a route statement for the inside interface to, it doesn't affect the gateway assigned to clients.

Am I wrong or is the ASA always going to set the client's default gateway to the lowest numbered host in whatever network you have the IP Pool? That would certainly be the case here.

Can anyone tell me if there is a way to force the connected VPN clients to use


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jennifer Halim Mon, 07/12/2010 - 04:57
User Badges:
  • Cisco Employee,

No, there is no way to configure specific default gateway for the vpn client pool subnet. VPN Client will send the traffic towards the ASA after being

encrypted anyway, so from the vpn client virtual adapter point of view, default gateway does not make any difference.

Once traffic reaches the ASA, you can configure the routing accordingly.


This Discussion