Has anyone run across this? We just rolled the Cisco AnyConnect Secure Mobility Client version 3.0.1047 and have noticed that when the VPN connection is established, a route is added to the local PC for the DHCP server itself, which uses the IP address of the default gateway as the next hop. Since the DHCP server is local (and is not running on the same device as the default gateway), this effectively renders the DHCP server inaccessible, since the packets go from the client PC to the default gateway, at which point they die (in this case the default gateway is a Cisco ASA).
Here is an example from the route print output (Windows 7 x64):
192.168.13.101 255.255.255.255 192.168.13.1 192.168.13.119 11
So in this case, 192.168.13.101 is the local server running DHCP (and DNS and AD). 192.168.13.1 is the inside interface of the ASA (the default gateway of all the boxes on that network). 192.168.13.119 is the IP address of the client machine running the AnyConnect software. If the client machine has a static IP address, a route entry is not added. Similarly, as soon as the VPN is disconnected, the route entry is removed.
So while I think I know what is happening, I have no idea why it is happening or what to do about it. We have tried reinstalling the VPN client (didn't fix it), tried running the VPN client on other systems (same problem) and had folks at various locations repeat the tests. If the DHCP server and the default gateway are the same device, it's no big deal. The problem is when they aren't.
Anyone seen anything like this or have any idea what might be causing it?
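A way to spot the condition described in the post on other machines, as an added example that is not part of the original post: it parses the IPv4 table from `route print` and flags any host route whose destination is on a directly connected subnet but is sent through a gateway. The sample table is constructed (only the 192.168.13.101 row comes from the post), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of the IPv4 section of `route print`; only the
# 192.168.13.101 host route is taken from the post, the rest is assumed.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.13.1   192.168.13.119     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
     192.168.13.0    255.255.255.0         On-link    192.168.13.119    266
   192.168.13.101  255.255.255.255     192.168.13.1   192.168.13.119     11
   192.168.13.119  255.255.255.255         On-link    192.168.13.119    266
   192.168.13.255  255.255.255.255         On-link    192.168.13.119    266
"""

def parse_routes(text):
    """Yield (network, gateway, interface) for each IPv4 route row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, separator or IPv6 row
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            iface = ipaddress.ip_address(fields[3])
        except ValueError:
            continue  # not an IPv4 route row
        yield net, fields[2], iface

def onlink_hosts_via_gateway(text):
    """Return (host, gateway, local_subnet) for on-subnet /32 routes that use a gateway."""
    routes = list(parse_routes(text))
    # Subnets each interface reaches directly: On-link, not a /32, not the default route.
    local = [(n, i) for n, g, i in routes
             if g == "On-link" and 0 < n.prefixlen < 32 and not n.is_multicast]
    findings = []
    for net, gateway, iface in routes:
        if net.prefixlen != 32 or gateway == "On-link":
            continue
        for subnet, sub_iface in local:
            if iface == sub_iface and net.network_address in subnet:
                findings.append((str(net.network_address), gateway, str(subnet)))
    return findings

if __name__ == "__main__":
    for host, gateway, subnet in onlink_hosts_via_gateway(SAMPLE_ROUTE_PRINT):
        print(f"{host} is inside {subnet} but routed via {gateway}")
```

Comparing the result before and after the VPN connects shows whether the client is the one adding the route.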