Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1358
Views
5
Helpful
6
Replies

AnyConnect chooses to run over a slow adapter

Go to solution
talkingscott
Level 1
Level 1

‎02-24-2020 05:51 PM

I work from a Windows computer with 3 network adapters.  One of them has a much faster Internet connection than the other 2.  The metric on the faster adapter is numerically smaller than the other two, so the default route is through that adapter.  Unfortunately, AnyConnect always chooses to establish the VPN over one of the slow adapters, unless I pull the Ethernet cables from both of the slow ones.  Worse, if I do that, then plug the cable to either of the slower networks back in, AnyConnect disconnects and re-connects over the slower one.

 

Is there any way to force AnyConnect to use a specific adapter?  I don't care whether it is normal configuration or a registry hack, I just want some control over the situation.

 

Windows 10

AnyConnect 4.6.01098

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-24-2020 06:27 PM

Hi

I don't see any tricks to force a specific client interface.
The only way, you can try is to add a specific route for your public vpn ip through a specific interface.
It will use your machine routing table.

Can you show the output of route print command?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

6 Replies 6

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎02-24-2020 06:27 PM

Hi

I don't see any tricks to force a specific client interface.
The only way, you can try is to add a specific route for your public vpn ip through a specific interface.
It will use your machine routing table.

Can you show the output of route print command?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
talkingscott
Level 1
Level 1
In response to Francesco Molino

‎02-24-2020 07:51 PM

I printed the route table and immediately saw the solution.  Although the metrics give correct routing in Windows, just having routes for 0.0.0.0/0 on all interfaces gives AnyConnect a chance to use any interface.  All I have to do is delete the routes for my slower interfaces and AnyConnect will have no choice.

Right now, with one of the slow networks plugged in, I have

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.102     10
          0.0.0.0          0.0.0.0        10.96.1.1       10.96.1.23     60

I want AnyConnect to use 192.168.1.102, so all I have to do is delete the route for 10.96.1.23.

route delete 0.0.0.0 mask 0.0.0.0 10.96.1.1
0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to talkingscott

‎02-24-2020 07:58 PM

Yes you can remove your default or add a more specific for your vpn public ip if you want to keep them both.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
talkingscott
Level 1
Level 1
In response to Francesco Molino

‎02-24-2020 08:00 PM

Francesco - Upon re-reading your post, I realize that you are correct.  Rather than deleting the route, I could add a route specific to the IP of the VPN server that uses the desired interface, and AnyConnect would use that.  It is a better solution that route deletion because it will "stick", whereas a deleted route will return if I un-plug then plug the Ethernet cable on that adapter.

0 Helpful

Go to solution
Muhammad Awais Khan
Cisco Employee
Cisco Employee

‎02-24-2020 06:38 PM - edited ‎02-24-2020 06:39 PM

Hi,

 

I can suggest one work around. Install Anyconnect NAM. Although use of NAM module is very vast like it will basically allow type of authentication to use for Dot1x but we can ignore this part. With NAM Module, you can also have option to choose which adapter/network/ssid to use for your network connection.

 

You can choose manually or you can create a script using NAM profile editor to hard code it. 

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect40/administration/guide/b_AnyConnect_Administrator_Guide_4-0/configure-nam.html#ID-1424-000001cb

0 Helpful

Go to solution
talkingscott
Level 1
Level 1
In response to Muhammad Awais Khan

‎02-24-2020 07:55 PM

From the link you provided:

 

The Network Access Manager is designed to be single homed, allowing only one network connection at a time. Also, wired connections have higher priority than wireless so that if you are plugged into the network with a wired connection, the wireless adapter becomes disabled with no IP address.

 

So, it will force AnyConnect to use one network interface.  Unfortunately, it will disable the other interfaces, which I can't let happen.

0 Helpful
Customers Also Viewed These Support Documents