cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
973
Views
0
Helpful
1
Replies

How do I set the default gateway for VPN clients? (ASA5505)

philip.r.hayes
Level 1
Level 1

I have set up several ASA5505's. One using the CLI and the other using ASDM. In both cases no matter what I do, I cannot find a way to configure what the end user client gets for a default gateway.

For example, I set up an IP Pool for 10.8.25.220-229, mask: 255.255.0.0. After connecting with the VPN Client (IPSEC or AnyConnect), when I run "ipconfig" at the client, it shows the default gateway to be 10.8.0.1. Yet, (it's a network configuration I inherited. I would not have designed it this way) the actual gateway for that network is 10.8.24.230 (stupid, I admit). Even if I set a route statement for the inside interface to 10.8.24.230, it doesn't affect the gateway assigned to clients.

Am I wrong or is the ASA always going to set the client's default gateway to the lowest numbered host in whatever network you have the IP Pool? That would certainly be the case here.

Can anyone tell me if there is a way to force the connected VPN clients to use 10.8.24.230?

Phil

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

No, there is no way to configure specific default gateway for the vpn client pool subnet. VPN Client will send the traffic towards the ASA after being

encrypted anyway, so from the vpn client virtual adapter point of view, default gateway does not make any difference.

Once traffic reaches the ASA, you can configure the routing accordingly.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: