Re: ssl vpn with anyconnect

1snelson · ‎07-30-2008

I have ssl vpn with anyconnect working through an ASA. I need to change the default gateway that the client picks up after connecting, but can't find where to make the change. I can't even find where it is getting the current default gateway. Can anyone point me in the right direction?

Thank you.

andrew.prince · ‎08-01-2008

Stuart,

For encrypted traffic the DG is the SSL virtual adapter interface on the machine? You can't change this to my knowledge, it must work this way.

HTH>

1snelson · ‎08-01-2008

That is what I would normally expect, however the default gateway that it is picking up is the address of my domain controller?

andrew.prince · ‎08-01-2008

Then I would double check your configuration - unless you are connecting to the SSL VPN from inside your corp network?

HTH>

JORGE RODRIGUEZ · ‎08-01-2008

Agree with Andrew, DG is something you cannot change as it is virtualy assigned, unless indicated by Andrew.

Where is the tunnel terminated at inside, outside interfaces? I suspect you are probably using Webvpn Pool IP range scheme as an already used subnet from inside where your DC resides, if this is the case use a different private IP network for WebVPN tunnel group.

HTH

Jorge

Jorge Rodriguez

1snelson · ‎08-01-2008

The tunnel is terminated on the outside interface. I am using a webvpn ip pool that is part of our internal subnet. I need to be able to point to an internal gateway that can direct traffic to all parts of our internal network.

andrew.prince · ‎08-01-2008

OK - as long as you ASA/PIX has a route to an internal layer 3 routing device, you should have no issues.

HTH>

1snelson · ‎08-01-2008

Thanks to both of you for pointing me in the right direction - it is working now.