Showing results for 
Search instead for 
Did you mean: 

VPDN Command: No default Gateway?


I finally got our PIX to authenticate PPTP sessions with our RADIUS server. However, this vpdn command seems to be lacking a command to assign the default gateway to clients, along with the DNS servers (that was the problem I was having). Am I just missing something? The only workaround is to enable in the client TCP/IP config, use default gateway on remote network. That means any client internet trafic passes out our T1. We don't want that since our T1 is a burstable service, meaning the more we use it, the more we pay. Any workarounds are appreciated.


3 Replies 3



1 If you assign the ip pool address to your PPTP client is part of your inside network ( for example : you inside network is 192.168.100.x/24 and your PPTP pool is to, if you turn off 'use default gateway of remote network' setting, the split-tunnel will be working fine.

You do not need to do anything more.

2 If you assign the ip ppol address is different with your inside network,for example : you inside network is 192.168.100.x/24 and your PPTP pool is to

In spite of you turn off 'use default gateway of remote network' setting, you still need maually add static route when you connect with PPTP.

route add mask

That is the only way to make PPTP split-tunnel working.

Because PPTP is Microsoft VPN protocol, we can not do too much for that.

Try to use Cisco unity VPN client, that is much handy in split-tunnel funcation.

Please check following URL for split tunnelling part:

Best Regards,

Paul Qiu

Thanks for your input. I had it set up like your #2 option : a different IP range, and went back to assigning the local pool a block from our internal lan IP settings. However, this still didn't work. I can authenticate, but that is all. This split tunnel seems to apply to the vpngroup command, which I am under the impression applies to IPSEC connections. Is this true? All the examples I find relate to that.

Using the CISCO client isn't an option at this point, as we would need to purchase it. We only have about 5 vpn users and that will be about all for some time.

Thanks !

Actually what I meant to sya was that it the CISCO documentation implies that the vpngroup is an extension to their client software, not just IPSEC. Is that true?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers