Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6754
Views
20
Helpful
5
Replies

AnyConnect change Gateway

Go to solution
gerardothink
Level 1
Level 1

‎07-11-2019 01:09 PM

Good Afternoon!

 

Can somebody please help me change the gateway for AnyConnect, I have setup AnyConnect on a ASA5506-X

 

I am able to connect to the Firewall

My Firewall Assigns to me the IP Address of:

 

IP Address: 192.168.208.156

Subnet Mask: 255.255.255.0

Gateway: 192.168.208.1

 

but my gateway is not 192.168.208.1 the correct gateway is 192.168.208.111 how can I change this on the running-config :S

 

Thank you

 

your help will be greatly appreciate it

Labels:
Preview file
22 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Alan Ng'ethe
Level 3
Level 3

‎07-11-2019 08:12 PM

How can I specify a default gateway for AnyConnect users with a local IP pool?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

View solution in original post

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Alan Ng'ethe

‎07-12-2019 08:17 AM

The value of the default gateway really does not matter to the AnyConnect client. The default gateway is significant when we deal with physical addresses and traditional IP subnets. But the AnyConnect client is dealing with a virtual interface and does not need a default gateway. The AnyConnect client is treating the VPN session very much like a point to point link, where you are not necessarily interested in the IP of the next hop. (think for example of this ip route 0.0.0.0 0.0.0.0 serial0/0. There is no need for a next hop address or a default gateway address.) The routing logic of the AnyConnect client is that all "interesting" traffic will be sent to the upstream peer using the encrypted link. That encrypted link uses the peer address and does not use any default gateway. Lots of software stacks expect an IP interface to have a default gateway and so Cisco typically will set the value of the default gateway to the first IP in the subnet of the address pool. But AnyConnect does not use that default gateway and it really does not make any significant difference whether the value of default gateway in the client matches the default gateway of the upstream peer or not.

 

HTH

 

Rick

HTH

Rick

View solution in original post

5 Replies 5

Go to solution
Alan Ng'ethe
Level 3
Level 3

‎07-11-2019 08:12 PM

How can I specify a default gateway for AnyConnect users with a local IP pool?

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Alan Ng'ethe

‎07-12-2019 08:17 AM

The value of the default gateway really does not matter to the AnyConnect client. The default gateway is significant when we deal with physical addresses and traditional IP subnets. But the AnyConnect client is dealing with a virtual interface and does not need a default gateway. The AnyConnect client is treating the VPN session very much like a point to point link, where you are not necessarily interested in the IP of the next hop. (think for example of this ip route 0.0.0.0 0.0.0.0 serial0/0. There is no need for a next hop address or a default gateway address.) The routing logic of the AnyConnect client is that all "interesting" traffic will be sent to the upstream peer using the encrypted link. That encrypted link uses the peer address and does not use any default gateway. Lots of software stacks expect an IP interface to have a default gateway and so Cisco typically will set the value of the default gateway to the first IP in the subnet of the address pool. But AnyConnect does not use that default gateway and it really does not make any significant difference whether the value of default gateway in the client matches the default gateway of the upstream peer or not.

 

HTH

 

Rick

HTH

Rick

Go to solution
gerardothink
Level 1
Level 1
In response to Richard Burts

‎07-12-2019 09:18 AM

Thank you very much!
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to gerardothink

‎07-12-2019 11:56 AM

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This question is about an aspect of AnyConnect that is not widely discussed and I think other participants will benefit from it. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

 

HTH

 

Rick

HTH

Rick

Go to solution
gerardothink
Level 1
Level 1
In response to Alan Ng'ethe

‎07-12-2019 09:18 AM

Thank you very much!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card