01-27-2017 07:02 AM - edited 02-21-2020 09:08 PM
One of my users is running a script from his bare metal host that makes a call to a VM server running on his laptop.
The VM needs to make a TCP call to a server on the other side of the VPN tunnel.
The user has an IP Address of 192.168.1.x on the bare metal (Apple IOS).
The VM running on his laptop has an IP address of 192.168.155.x.
He wants his VM to connect to a server on the other side of the VPN tunnel. The remote host has an IP address of 10.10.1.x.
If he is not connected to VM, this (metal-2-VM-2-RemoteServer) connection works, but when connected with AnyConnect VPN, his laptop believes that 192.168.155.x exists on the tunnel, hence the host cannot communicate with the VM.
He is asking if there are any tweaks we can make to the AnyConnect client so that metal-2-VM-2-Remote server works.
Please see pics attached of "IP Route table not connected to VPN" and "IP Route table when connected to VPN"
01-27-2017 12:33 PM
What split tunnel routes are you pushing to the user through AnyConnect? Looks like you are pushing the 192.168/16 route via the tunnel, which may be why this is adding the route for utun0.
One option you can try is to exclude 192.168.155.x from the split tunnel list. But this is a change that needs to be done on the group-policy (and it applies to all users using that group-policy). If you are running ASA 9.1(4) or later and AnyConnect 3.1.3013 or later, you can add a deny statement above the permit ACLs for split tunnels.
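The deny-above-permit layout described in the answer above, sketched as ASA configuration. This is an added example and not part of the original thread; the ACL name `SPLIT_ACL`, the group-policy name `GP_EXAMPLE`, the /24 mask for the VM network and the 192.168.0.0/16 permit entry are assumptions.

```cisco
! Constructed example: names and masks are assumptions, not values from the thread.

! Before: the whole 192.168.0.0/16 range is included in the tunnel,
! which also captures the laptop's local VM network 192.168.155.x.
access-list SPLIT_ACL standard permit 192.168.0.0 255.255.0.0

! After (needs ASA 9.1(4)+ and AnyConnect 3.1.3013+):
! the deny entry sits above the permit, so the VM network is carved
! out of the tunnelled range and stays on the local interface.
access-list SPLIT_ACL standard deny 192.168.155.0 255.255.255.0
access-list SPLIT_ACL standard permit 192.168.0.0 255.255.0.0

! The ACL is referenced from the group-policy, so every user of
! that group-policy receives the same split-tunnel routes.
group-policy GP_EXAMPLE attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_ACL
```

After the client reconnects, comparing its route table with the one captured before the change shows whether 192.168.155.x still points at utun0.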