07-11-2019 01:09 PM
Good Afternoon!
Can somebody please help me change the gateway for AnyConnect? I have set up AnyConnect on an ASA5506-X.
I am able to connect to the firewall.
My Firewall Assigns to me the IP Address of:
IP Address: 192.168.208.156
Subnet Mask: 255.255.255.0
Gateway: 192.168.208.1
But my gateway is not 192.168.208.1; the correct gateway is 192.168.208.111. How can I change this in the running-config? :S
Thank you
Your help will be greatly appreciated.
07-11-2019 08:12 PM
How can I specify a default gateway for AnyConnect users with a local IP pool?
07-12-2019 08:17 AM
The value of the default gateway really does not matter to the AnyConnect client. The default gateway is significant when we deal with physical addresses and traditional IP subnets. But the AnyConnect client is dealing with a virtual interface and does not need a default gateway. The AnyConnect client is treating the VPN session very much like a point to point link, where you are not necessarily interested in the IP of the next hop. (Think, for example, of this: ip route 0.0.0.0 0.0.0.0 serial0/0. There is no need for a next hop address or a default gateway address.) The routing logic of the AnyConnect client is that all "interesting" traffic will be sent to the upstream peer using the encrypted link. That encrypted link uses the peer address and does not use any default gateway. Lots of software stacks expect an IP interface to have a default gateway, and so Cisco typically will set the value of the default gateway to the first IP in the subnet of the address pool. But AnyConnect does not use that default gateway, and it really does not make any significant difference whether the value of default gateway in the client matches the default gateway of the upstream peer or not.
HTH
Rick
07-12-2019 11:56 AM
I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This question is about an aspect of AnyConnect that is not widely discussed and I think other participants will benefit from it. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
HTH
Rick
07-12-2019 09:18 AM
Thank you very much!