02-24-2020 05:51 PM
I work from a Windows computer with 3 network adapters. One of them has a much faster Internet connection than the other 2. The metric on the faster adapter is numerically smaller than the other two, so the default route is through that adapter. Unfortunately, AnyConnect always chooses to establish the VPN over one of the slow adapters, unless I pull the Ethernet cables from both of the slow ones. Worse, if I do that, then plug the cable to either of the slower networks back in, AnyConnect disconnects and re-connects over the slower one.
Is there any way to force AnyConnect to use a specific adapter? I don't care whether it is normal configuration or a registry hack, I just want some control over the situation.
Windows 10
AnyConnect 4.6.01098
Solved! Go to Solution.
02-24-2020 06:27 PM
02-24-2020 06:27 PM
02-24-2020 07:51 PM
I printed the route table and immediately saw the solution. Although the metrics give correct routing in Windows, just having routes for 0.0.0.0/0 on all interfaces gives AnyConnect a chance to use any interface. All I have to do is delete the routes for my slower interfaces and AnyConnect will have no choice.
Right now, with one of the slow networks plugged in, I have
Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 10 0.0.0.0 0.0.0.0 10.96.1.1 10.96.1.23 60
I want AnyConnect to use 192.168.1.102, so all I have to do is delete the route for 10.96.1.23.
route delete 0.0.0.0 mask 0.0.0.0 10.96.1.1
02-24-2020 07:58 PM
02-24-2020 08:00 PM
Francesco - Upon re-reading your post, I realize that you are correct. Rather than deleting the route, I could add a route specific to the IP of the VPN server that uses the desired interface, and AnyConnect would use that. It is a better solution that route deletion because it will "stick", whereas a deleted route will return if I un-plug then plug the Ethernet cable on that adapter.
02-24-2020 06:38 PM - edited 02-24-2020 06:39 PM
Hi,
I can suggest one work around. Install Anyconnect NAM. Although use of NAM module is very vast like it will basically allow type of authentication to use for Dot1x but we can ignore this part. With NAM Module, you can also have option to choose which adapter/network/ssid to use for your network connection.
You can choose manually or you can create a script using NAM profile editor to hard code it.
02-24-2020 07:55 PM
From the link you provided:
The Network Access Manager is designed to be single homed, allowing only one network connection at a time. Also, wired connections have higher priority than wireless so that if you are plugged into the network with a wired connection, the wireless adapter becomes disabled with no IP address.
So, it will force AnyConnect to use one network interface. Unfortunately, it will disable the other interfaces, which I can't let happen.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide