Anyconnect ip address

suthomas1
Level 6

Hi,

When we connect to SSL AnyConnect VPN, the IP address assigned seems to be with a gateway next to the IP address being assigned & with the subnet mask as whatever subnet the range belongs to.

Like, if I assign a pool of 192.168.100.1-192.168.100.14 (/28) to a group, on connecting it will allocate me the following:

IP addr: 192.168.100.1

SM: 255.255.255.240

GW: 192.168.100.2

1. Shouldn't VPN connections be displaying subnet mask as /32 & gateway address same as IP address assigned?

2. Why does it need to allot a gateway address? & if it is necessary, why does it default to the very next IP address?

There are no problems with connections over VPN, everything is working fine.

Curious to know these.

Please advise. Thanks.

Accepted Solutions

ksirupa
Level 3

Hi,

This is expected behavior and shouldn't cause any problems for your VPN connection.

Windows XP does not like the interface to be the same as the gateway for a non-local route. In XP, for a local route, the gateway can and must point to the interface. In XP, for a non-local route, the gateway must not point to the interface.

Hence the change. The .1 (i.e. 1st IP in the subnet) was chosen randomly.

What happens if a machine with that IP exists on the private side of the ASA?

The AnyConnect interface is a virtual interface. The gateway on this interface is also meaningless. Since we are a virtual interface, no packets ever make it to the gateway mentioned in the route. We grab it, wrap it and send it out to the ASA just like any other packet. After unwrapping it, it's up to the ASA to decide what to do with it.
