
Vista/Win 7 routing metric problem with default routes affecting RA clients

I've been intermittently experiencing the OS routing problem affecting default routes with RA clients using various ASA and IOS VPN services. I've seen this since the introduction of Vista. Been too busy with higher priority projects to properly address this with Cisco/Microsoft. With newer IT staff and our school adopting more Win 7 from XP, the problem is becoming more troublesome. (Tried to skip Vista for company-owned systems.)

MS OS auto-creates a default route with a metric of <100 (typically 25) on the wired/wireless interface. Various versions (5.0.x) of clients establish a default route metric of 100. My RA VPN services are NOT split tunnel configured.

Workaround:

1)  Manually set network adapter interface metric to 101 and leave it alone

(I personally do not like this as a patch solution)

or

2)  - VPN not connected, manually set the adapter to metric 101 from Auto. Verify using route print.

    - Close and restart Vista/Win 7 and verify default route at 101.

    - Go back into adapter and revert back to auto metric setting and restart.

When you check default route, MS OS seems to auto calculate the interface metric and sets it to something like 280 something.  Cisco RA clients seem to use metric 100 as a default.  This method has worked on every Vista/Win 7, 32/64-bit, Premium, Business, and Pro versions.  XP never had this issue with MS auto default route and Cisco RA client DR.

Anyone have more insight or info?  I'm finally starting a TAC case for it.

1 Reply

Update:

Removing the permit ip any any from the ACL in the VPN group config (IOS) results in the VPN client using a metric of [OS DR metric] + 1.

So for wireless, OS DR is 25.  Client uses 26.  Gig port uses 10, Client uses 11.

VPN client DR still has a higher metric, lower priority and traffic doesn't use tunnel.

Working with TAC.
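
Added example (not part of the original thread, and not Cisco or Microsoft code): a Python check that parses `route print -4` output and reports whether the VPN adapter holds the lowest-metric default route, run against the metric pairs quoted in the post and the reply. The IP addresses, function names and sample route table are constructed for illustration.

```python
# Added example: does the VPN adapter own the preferred IPv4 default route?
VPN_IP = "10.10.0.23"  # assumed address of the VPN virtual adapter (constructed)

def sample(lan_metric, vpn_metric):
    """Constructed excerpt of `route print -4`; all addresses are made up."""
    return (
        "Active Routes:\n"
        "Network Destination        Netmask          Gateway       Interface  Metric\n"
        f"          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50  {lan_metric:>5}\n"
        f"          0.0.0.0          0.0.0.0        10.10.0.1      {VPN_IP}  {vpn_metric:>5}\n"
        "        127.0.0.0        255.0.0.0         On-link        127.0.0.1    306\n"
        "Persistent Routes:\n"
        "  None\n"
    )

def default_routes(route_print_text):
    """Return sorted (metric, gateway, interface_ip) tuples for each default route."""
    routes = []
    for line in route_print_text.splitlines():
        f = line.split()
        # Active-route rows have 5 columns; headers and persistent rows do not match.
        if len(f) == 5 and f[0] == "0.0.0.0" and f[1] == "0.0.0.0" and f[4].isdigit():
            routes.append((int(f[4]), f[2], f[3]))
    return sorted(routes)

def tunnel_status(route_print_text, vpn_interface_ip):
    """'tunnel' if the VPN default route has the strictly lowest metric."""
    routes = default_routes(route_print_text)
    vpn = [r for r in routes if r[2] == vpn_interface_ip]
    other = [r for r in routes if r[2] != vpn_interface_ip]
    if not vpn:
        return "no-vpn-route"
    # A tie is reported as bypass too: it does not guarantee the tunnel is used.
    if other and other[0][0] <= vpn[0][0]:
        return "bypass"
    return "tunnel"

if __name__ == "__main__":
    # (adapter metric, VPN client metric) pairs taken from the thread.
    for lan, vpn in [(25, 100), (25, 26), (10, 11), (101, 100)]:
        status = tunnel_status(sample(lan, vpn), VPN_IP)
        print(f"adapter={lan:<4} vpn={vpn:<4} -> {status}")
```

On a real client, feed the function the captured output of `route print -4` and the VPN adapter's address from `ipconfig`; a result other than `tunnel` on a non-split-tunnel profile means traffic is leaving through the physical adapter.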