[c-nsp] Cisco VPN Client Assigns Incorrect Default Gateway

Brian DuRoss bduross at learningcaregroup.com
Wed Mar 10 12:10:10 EST 2010


To tunnel all traffic from a client, set 'split-tunnel-policy tunnelall' in your policy attributes.

Not sure how or why it is assigning random gateways. Is the gateway you are seeing the same as the IP that is assigned to the VPN adapter on the client? If so, that is normal. 

HTH

-B

--
Brian DuRoss
Learning Care Group
Systems Coordinator
o: 248.697.9202

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aaron Riemer
Sent: Wednesday, March 10, 2010 1:10 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco VPN Client Assigns Incorrect Default Gateway

Hi Guys,

I am hoping someone may be able to help me out here. I am trying to
assign a block of IP Addresses to my VPN clients (specifically the
subnet 192.168.254.0/24) that is not in use on the internal network. For
some reason the clients are assigned a default gateway even though this
is not configured.

Is there a way to make sure the VPN client does not assign a default
gateway? I assumed if I was tunnelling all traffic then the default
gateway would not be required? The reason I ask this is because the VPN
client just seems to assign a random default gateway and as a result
routing does not work. See below for config.

username vpntest password encrypted
username vpntest attributes
 vpn-group-policy vpntest
!
group-policy vpntest internal
group-policy vpntest attributes
 banner value **** Welcome to Test *****
 dns-server value x.x.x.x
 vpn-idle-timeout none
 vpn-session-timeout none
 vpn-tunnel-protocol IPSec
 default-domain value xxxxxxx
!
tunnel-group vpngroup type ipsec-ra
tunnel-group vpngroup general-attributes
 address-pool new
 default-group-policy vpntest
tunnel-group vpngroup ipsec-attributes
 pre-shared-key *
!
ip local pool new 192.168.254.1-192.168.254.254 mask 255.255.255.0
!

Any thoughts?

Thanks,

Aaron.
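
Added example (not part of the original thread, and not Cisco tooling): a small Python check that reads an ASA-style config and reports, for each tunnel-group, which group-policy applies and whether 'split-tunnel-policy' is set explicitly in it, as the reply suggests. The "contractors" policy, "partners" tunnel-group and CONTRACTOR_NETS list are hypothetical names added for contrast.

```python
import re

# Constructed sample: group-policy/tunnel-group lines as posted in this thread,
# plus a hypothetical split-tunnel policy ("contractors"/"partners") for contrast.
SAMPLE_CONFIG = """\
group-policy vpntest internal
group-policy vpntest attributes
 vpn-tunnel-protocol IPSec
group-policy contractors internal
group-policy contractors attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CONTRACTOR_NETS
tunnel-group vpngroup type ipsec-ra
tunnel-group vpngroup general-attributes
 address-pool new
 default-group-policy vpntest
tunnel-group partners type ipsec-ra
tunnel-group partners general-attributes
 default-group-policy contractors
"""

HEADER = re.compile(r"(group-policy|tunnel-group) (\S+) \S*attributes$")

def parse_sections(config):
    """Map (kind, name) -> sub-commands found under its '... attributes' blocks."""
    sections, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue                      # skip blank lines and '!' separators
        if not line[0].isspace():         # top-level command starts a new block
            m = HEADER.match(line.rstrip())
            current = sections.setdefault((m.group(1), m.group(2)), []) if m else None
        elif current is not None:         # indented line belongs to current block
            current.append(line.strip())
    return sections

def first_arg(cmds, keyword, default):
    """First argument of the first sub-command named `keyword`, else `default`."""
    return next((c.split()[1] for c in cmds if c.split()[0] == keyword), default)

def split_tunnel_report(config):
    """Return {tunnel-group: (group-policy, split-tunnel-policy or 'inherited')}."""
    sections = parse_sections(config)
    report = {}
    for (kind, name), cmds in sections.items():
        if kind == "tunnel-group":
            policy = first_arg(cmds, "default-group-policy", "DfltGrpPolicy")
            pol_cmds = sections.get(("group-policy", policy), [])
            # 'inherited' = not set in this policy, so the value comes from elsewhere
            report[name] = (policy, first_arg(pol_cmds, "split-tunnel-policy", "inherited"))
    return report
```

Run against the config in this thread, vpngroup reports ('vpntest', 'inherited'); adding 'split-tunnel-policy tunnelall' under the vpntest attributes makes the setting explicit.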

 

