How do I set the default gateway for VPN clients? (ASA5505)

Jul 11th, 2010

I have set up several ASA5505s, one using the CLI and the other using ASDM. In both cases, no matter what I do, I cannot find a way to configure what the end user client gets for a default gateway.

For example, I set up an IP Pool for 10.8.25.220-229, mask: 255.255.0.0. After connecting with the VPN Client (IPSEC or AnyConnect), when I run "ipconfig" at the client, it shows the default gateway to be 10.8.0.1. Yet (it's a network configuration I inherited; I would not have designed it this way) the actual gateway for that network is 10.8.24.230 (stupid, I admit). Even if I set a route statement for the inside interface to 10.8.24.230, it doesn't affect the gateway assigned to clients.

Am I wrong or is the ASA always going to set the client's default gateway to the lowest numbered host in whatever network you have the IP Pool? That would certainly be the case here.

Can anyone tell me if there is a way to force the connected VPN clients to use 10.8.24.230?

Phil

Jennifer Halim Mon, 07/12/2010 - 04:57

No, there is no way to configure a specific default gateway for the VPN client pool subnet. The VPN Client will send the traffic towards the ASA after being encrypted anyway, so from the VPN client virtual adapter point of view, the default gateway does not make any difference.

Once traffic reaches the ASA, you can configure the routing accordingly.
