VPN drops Internet connectivity

chris.bias
Level 1

I connect to the Cisco AnyConnect VPN and it drops the internet connection. Below is the IPConfig and print route outputs from the command line prompt:

 

Microsoft Windows [Version 10.0.22000.556]
(c) Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>route print
===========================================================================
Interface List
12...00 05 9a 3c 7a 00 ......Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
17...c0 25 a5 65 bc 16 ......Intel(R) Ethernet Connection (13) I219-V
20...d6 1b 81 c8 e4 ef ......Microsoft Wi-Fi Direct Virtual Adapter #3
15...e6 1b 81 c8 e4 ef ......Microsoft Wi-Fi Direct Virtual Adapter #4
21...c0 25 a5 65 bc 17 ......Realtek USB GbE Family Controller #2
27...d4 1b 81 c8 e4 ef ......Qualcomm QCA61x4A 802.11ac Wireless Adapter
4...d4 1b 81 c8 e4 f0 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
28...00 15 5d 77 f6 08 ......Hyper-V Virtual Ethernet Adapter
33...00 15 5d 34 b8 e2 ......Hyper-V Virtual Ethernet Adapter #2
65...00 15 5d 7e 4a 60 ......Hyper-V Virtual Ethernet Adapter #3
79...00 15 5d de c3 38 ......Hyper-V Virtual Ethernet Adapter #4
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.22.45.1 172.22.45.143 291
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.10 2
12.190.110.211 255.255.255.255 172.22.45.1 172.22.45.143 36
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.17.48.0 255.255.240.0 On-link 172.17.48.1 5256
172.17.48.0 255.255.240.0 192.168.15.1 192.168.15.10 2
172.17.48.1 255.255.255.255 On-link 172.17.48.1 5256
172.17.63.255 255.255.255.255 On-link 172.17.48.1 5256
172.22.45.0 255.255.255.0 On-link 172.22.45.143 291
172.22.45.0 255.255.255.0 192.168.15.1 192.168.15.10 2
172.22.45.143 255.255.255.255 On-link 172.22.45.143 291
172.22.45.255 255.255.255.255 On-link 172.22.45.143 291
172.25.16.1 255.255.255.255 On-link 172.25.16.1 5256
172.30.64.0 255.255.240.0 On-link 172.30.64.1 5256
172.30.64.0 255.255.240.0 192.168.15.1 192.168.15.10 2
172.30.64.1 255.255.255.255 On-link 172.30.64.1 5256
172.30.79.255 255.255.255.255 On-link 172.30.64.1 5256
192.168.15.0 255.255.255.0 On-link 192.168.15.10 257
192.168.15.10 255.255.255.255 On-link 192.168.15.10 257
192.168.15.255 255.255.255.255 On-link 192.168.15.10 257
192.168.16.0 255.255.240.0 On-link 192.168.16.1 5256
192.168.16.0 255.255.240.0 192.168.15.1 192.168.15.10 2
192.168.16.1 255.255.255.255 On-link 192.168.16.1 5256
192.168.31.255 255.255.255.255 On-link 192.168.16.1 5256
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.22.45.143 291
224.0.0.0 240.0.0.0 On-link 172.17.48.1 5256
224.0.0.0 240.0.0.0 On-link 192.168.16.1 5256
224.0.0.0 240.0.0.0 On-link 172.30.64.1 5256
224.0.0.0 240.0.0.0 On-link 192.168.15.10 257
224.0.0.0 240.0.0.0 On-link 172.25.16.1 5256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.22.45.143 291
255.255.255.255 255.255.255.255 On-link 172.17.48.1 5256
255.255.255.255 255.255.255.255 On-link 192.168.16.1 5256
255.255.255.255 255.255.255.255 On-link 172.30.64.1 5256
255.255.255.255 255.255.255.255 On-link 192.168.15.10 257
255.255.255.255 255.255.255.255 On-link 172.25.16.1 5256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 172.22.45.1 Default
0.0.0.0 0.0.0.0 172.22.45.13 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 36 ::/0 On-link
1 331 ::1/128 On-link
12 291 fe80::/64 On-link
21 291 fe80::1541:c9f1:8b73:32b6/128
On-link
28 5256 fe80::3c54:a176:7515:eda5/128
On-link
33 5256 fe80::5408:ef8f:c661:b872/128
On-link
65 5256 fe80::6493:7358:8661:4198/128
On-link
12 291 fe80::6b06:6381:5d0b:2c5c/126
On-link
12 291 fe80::6b06:6381:5d0b:2c5d/128
On-link
12 291 fe80::75e2:8cab:f2d5:bef6/128
On-link
79 5256 fe80::c156:5741:8f9c:575/128
On-link
1 331 ff00::/8 On-link
21 291 ff00::/8 On-link
28 5256 ff00::/8 On-link
33 5256 ff00::/8 On-link
65 5256 ff00::/8 On-link
79 5256 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

C:\WINDOWS\system32>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . :
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . :

Ethernet adapter Ethernet 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Physical Address. . . . . . . . . : 00-05-9A-3C-7A-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6b06:6381:5d0b:2c5d%12(Preferred)
Link-local IPv6 Address . . . . . : fe80::75e2:8cab:f2d5:bef6%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : ::
192.168.15.1
DHCPv6 IAID . . . . . . . . . . . : 1241515418
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
DNS Servers . . . . . . . . . . . : 172.22.45.115
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (13) I219-V
Physical Address. . . . . . . . . : C0-25-A5-65-BC-16
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
Physical Address. . . . . . . . . : D6-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
Physical Address. . . . . . . . . : E6-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek USB GbE Family Controller #2
Physical Address. . . . . . . . . : C0-25-A5-65-BC-17
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1541:c9f1:8b73:32b6%21(Preferred)
IPv4 Address. . . . . . . . . . . : 172.22.45.143(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.22.45.1
DHCPv6 IAID . . . . . . . . . . . : 717235621
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
DNS Servers . . . . . . . . . . . : 172.22.45.115
172.22.45.116
NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.la.comcast.net
Description . . . . . . . . . . . : Qualcomm QCA61x4A 802.11ac Wireless Adapter
Physical Address. . . . . . . . . : D4-1B-81-C8-E4-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : D4-1B-81-C8-E4-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter vEthernet (Ethernet):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter
Physical Address. . . . . . . . . : 00-15-5D-77-F6-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3c54:a176:7515:eda5%28(Preferred)
IPv4 Address. . . . . . . . . . . : 172.17.48.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 469767517
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Ethernet 3):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-34-B8-E2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5408:ef8f:c661:b872%33(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.16.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 553653597
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Wi-Fi):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #3
Physical Address. . . . . . . . . : 00-15-5D-7E-4A-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6493:7358:8661:4198%65(Preferred)
IPv4 Address. . . . . . . . . . . : 172.30.64.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 1090524509
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter vEthernet (Ethernet 4):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hyper-V Virtual Ethernet Adapter #4
Physical Address. . . . . . . . . : 00-15-5D-DE-C3-38
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::c156:5741:8f9c:575%79(Preferred)
IPv4 Address. . . . . . . . . . . : 172.25.16.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.240.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 1325405533
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-28-86-5A-67-C0-25-A5-65-BC-16
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\WINDOWS\system32>
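
Windows resolves a destination by longest matching prefix and, on a tie, by lowest metric, so the table in the post above can be read mechanically. The following is an added example, not part of the original post: it parses a trimmed excerpt of that `route print` output and reports which destinations leave through the AnyConnect adapter (192.168.15.10). The function names are illustrative.

```python
import ipaddress
from typing import NamedTuple

# Trimmed excerpt of the IPv4 "Active Routes" table from the post above.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.22.45.1 172.22.45.143 291
0.0.0.0 0.0.0.0 192.168.15.1 192.168.15.10 2
12.190.110.211 255.255.255.255 172.22.45.1 172.22.45.143 36
172.22.45.0 255.255.255.0 On-link 172.22.45.143 291
172.22.45.0 255.255.255.0 192.168.15.1 192.168.15.10 2
192.168.15.0 255.255.255.0 On-link 192.168.15.10 257
"""

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: str      # next hop, or "On-link"
    interface: str    # local address of the outgoing adapter
    metric: int

def parse_routes(text):
    """Parse IPv4 rows of `route print`; skip headers and malformed lines."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue
        try:
            net = ipaddress.IPv4Network(f"{f[0]}/{f[1]}")
        except ValueError:
            continue
        routes.append(Route(net, f[2], f[3], int(f[4])))
    return routes

def best_route(routes, dest):
    """Longest prefix wins; ties go to the lowest metric."""
    addr = ipaddress.IPv4Address(dest)
    matches = [r for r in routes if addr in r.network]
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric), default=None)

def tunnelled(routes, dest, vpn_ip):
    """True when traffic to dest leaves through the VPN adapter's address."""
    r = best_route(routes, dest)
    return r is not None and r.interface == vpn_ip

if __name__ == "__main__":
    routes = parse_routes(ROUTE_PRINT)
    for dest in ("8.8.8.8", "172.22.45.115", "12.190.110.211"):
        print(dest, "->", best_route(routes, dest).interface)
```

On this excerpt, both the default route and the local 172.22.45.0/24 subnet resolve to the VPN adapter at metric 2; only the 12.190.110.211 host route stays on the physical NIC.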


If it is Windows:
IP/TCP
disable "use default GW in remote".
Try this.

Reboot the client PC after making the change.

@chris.bias you either need to enable split tunnel and tunnel only specified networks or allow Internet access through the VPN headend. To do that you'll need to create a nat for your ravpn pool and allow traffic to hairpin.

Hey @Rob Ingram I apologize but it seems that I may be doing this wrong. I have the VPN pool created but can't seem to get it to work.

Is your pool 192.168.15.0?

If yes, then the VPN is OK; check my comment above.

@MHM Cisco World I am not following your comment above....

VkB70.png
try disable this option.

@MHM Cisco World  Well this would work but some of the users are using Windows 11 and this is not an option.

@MHM Cisco World  This is for the Windows VPN program not Cisco Anyconnect VPN program that we use.

I know, but it shows where and how you can disable the default GW.

It is for Win11.

Try it and see if the internet issue is solved.

@MHM Cisco World  Okay went ahead and tried it. Didn't work unfortunately.

@chris.bias internet traffic is tunnelled to the ASA? If so you need to create a NAT rule to hairpin the traffic or split tunnel the internet traffic out, so it is not sent to the ASA.

 

Provide configuration if required.

@Rob Ingram Right, but I am not sure how to split tunnel the traffic or create a split tunnel with the config provided above.

@chris.bias you've not provided your ASA configuration? You'd need something like this to NAT the traffic and hairpin if you tunnel back to the ASA.

 

object network RAVPN_USERS
 subnet 10.4.4.0 255.255.255.0
 nat (outside,outside) dynamic interface
!
same-security-traffic permit intra-interface