AnyConnect Secure Mobility Client v 3.0 adding route to local DHCP server?

prospero
Level 1

Has anyone run across this? We just rolled the Cisco AnyConnect Secure Mobility Client version 3.0.1047 and have noticed that when the VPN connection is established, a route is added to the local PC for the DHCP server itself, which uses the IP address of the default gateway as the next hop. Since the DHCP server is local (and is not running on the same device as the default gateway), this effectively renders the DHCP server inaccessible, since the packets go from the client PC to the default gateway, at which point they die (in this case the default gateway is a Cisco ASA).

Here is an example from the route print output (Windows 7 x64):

192.168.13.101  255.255.255.255    192.168.13.1  192.168.13.119     11

So in this case, 192.168.13.101 is the local server running DHCP (and DNS and AD). 192.168.13.1 is the inside interface of the ASA (the default gateway of all the boxes on that network). 192.168.13.119 is the IP address of the client machine running the AnyConnect software. If the client machine has a static IP address, a route entry is not added. Similarly, as soon as the VPN is disconnected, the route entry is removed.

So while I think I know what is happening, I have no idea why it is happening or what to do about it. We have tried reinstalling the VPN client (didn't fix it), tried running the VPN client on other systems (same problem) and had folks at various locations repeat the tests. If the DHCP server and the default gateway are the same device, it's no big deal. The problem is when they aren't.

Anyone seen anything like this or have any idea what might be causing it?
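
A check for the symptom described in the post above, as an added example that is not part of the original thread: it parses Windows `route print` IPv4 output and reports host routes to an address on a directly connected subnet that point at a gateway instead of being on-link. The sample table is constructed around the single route line quoted in the post, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in Windows `route print` IPv4 layout. Only the
# 192.168.13.101 row comes from the post; the other rows are illustrative.
SAMPLE = """\
IPv4 Route Table
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.13.1   192.168.13.119     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
     192.168.13.0    255.255.255.0         On-link    192.168.13.119    266
   192.168.13.101  255.255.255.255     192.168.13.1   192.168.13.119     11
   192.168.13.119  255.255.255.255         On-link    192.168.13.119    266
        224.0.0.0        240.0.0.0         On-link    192.168.13.119    266
"""


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # titles, column header, separators
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
            ipaddress.IPv4Address(iface)
            routes.append((net, gateway, iface, int(metric)))
        except ValueError:
            continue  # IPv6 or otherwise non-matching row
    return routes


def gateway_routes_to_local_hosts(routes):
    """Find /32 routes to an on-link neighbour that are sent via a gateway."""
    local = [(net, iface) for net, gw, iface, _ in routes
             if gw == "On-link" and 0 < net.prefixlen < 32
             and not net.is_multicast and not net.is_loopback]
    return [(str(net.network_address), gw, iface, metric)
            for net, gw, iface, metric in routes
            if net.prefixlen == 32 and gw != "On-link"
            and any(i == iface and net.network_address in n for n, i in local)]


if __name__ == "__main__":
    for dest, gw, iface, metric in gateway_routes_to_local_hosts(parse_routes(SAMPLE)):
        print(f"{dest} is on the local subnet of {iface} but routed via {gw} (metric {metric})")
```

Running it against `route print` output captured before and after the VPN connects shows whether the client added such a route.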

10 Replies

Nicolas Meessen