
Internal DHCP server and default gateway

joedansereau
Level 1

I am setting up my RA & AnyConnect clients to get their IP address from an internal DHCP server (Windows Server 2003) and there seems to be a problem with the default gateway. I have the scope option pointing to the ASA-5505 internal IP 192.168.x.254 (option 3); the client connects using either VPN client (RA or AnyConnect) and receives an address from the internal DHCP. The problem is that DHCP option 3 does not get passed to the client from the server. The client default gateway is set to 192.168.x.1. Any ideas why the gateway does not get set to the ASA internal interface?

1 Reply

Ricardo Prado Rueda
Cisco Employee

Hi,

The AnyConnect (and IPSEC VPN Client) interface is a virtual interface; no packets ever make it to the gateway mentioned in the default gateway route. The traffic is just encrypted and sent to the remote VPN endpoint; it is up to the VPN server to decide how to forward this traffic. So it doesn't matter what the gateway is, as long as it is in the same subnet as the interface.

This behavior applies to Local IP Pools as well as ascertaining an IP from DHCP. The DHCP Server does not even need to have the router (default gateway) option configured, since it does not apply to the VPN virtual adapter.

With AnyConnect, the gateway points to the 1st IP in the assigned subnet (or the 2nd IP, if the assigned address is the 1st IP).

Regards,

Rick.
