06-19-2019 01:22 PM - edited 02-21-2020 09:13 AM
Have had great success here. Here is another one. We are moving from ACS to ISE and it's working well
Except...
My VPN clients are picking up their DHCP address from a Microsoft DHCP server.
Their default gateway is wrong.
The DHCP scope is 192.5.20.65-80. The Default gateway is coming as 192.5.20.1 which is wrong.
I would actually like it either blank or 192.90.60.1.
1) Where is the 192.5.20.1 address coming from (if I don't have a router listed in the DHCP scope, it's there)
2) Can I use 192.90.60.1?
Any ideas?
06-19-2019 11:34 PM
06-20-2019 08:53 AM
Sorry, this is NOT a solution.
1) I get a default gateway of 192.5.20.1 no matter what I put in.
It is NOT coming from DHCP. I have put in multiple addresses and get the same 192.5.20.1.
Your answer is not correct.
06-20-2019 09:31 AM
Hi Joseph
I did not say it comes from DHCP, it doesn't. You don't really have control over it for your AnyConnect networks. All traffic coming back to the ASA will be decrypted and then routed from there so there is no purpose for a DG to be dished out to clients.
06-20-2019 01:07 AM
Hi Joseph,
Are we talking AnyConnect clients here?
You are unable, by design, to assign a DG to the VPN clients. Depending on whether split tunneling is enabled / disabled, you will either have no GW showing or the first IP address of your scope showing.
With ST disabled - all traffic from the client will always have to go through the tunnel and the encrypting device will be responsible for routing it onward so any GW would be arbitrary.
06-20-2019 08:56 AM
DG?
ST?
GW Gateway?
Please, I think I know what you're saying and it sounds reasonable BUT your terminology doesn't seem consistent or I'm reading it wrong.
06-20-2019 09:33 AM
06-20-2019 09:35 AM
06-20-2019 10:17 AM
Thank you Sir. It is doing as I expected AND you stated.
Although my system is replying that the Default gateway is the first address in the scope, when I did a dhcpc debug on the router, it showed the correct gateway of my inside ASA interface is being used as the default gateway.
Thanks for the help.
Joe Williams