Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!
Override default gateway set by cisco anyconnect VPN client
I connect to a client that uses Cisco's Anyconnect VPN. When I connect, the anyconnect overrides my default gateway, forcing all of my internet traffic thru them. With the VPN client built in to Windows, I could uncheck "use default gateway on remote network" and then manually create some routes go get to machines on that network. However, no such luck with the cisco client. It provides no such option.
I've tried to delete or change the gateway with netsh which appears to work, but then route print still shows the remote gateway as the default. "route change 0.0.0.0" and "route delete 0.0.0.0" have no effect.
This guy was able to do it in linux, but so far I've not made any progress in XP:
http://www.petefreitag.com/item/753.cfm
I've tried to delete or change the gateway with netsh which appears to work, but then route print still shows the remote gateway as the default. "route change 0.0.0.0" and "route delete 0.0.0.0" have no effect.
This guy was able to do it in linux, but so far I've not made any progress in XP:
http://www.petefreitag.com/item/753.cfm
Asked:
3 Solutions
The reason that Cisco VPN client is so successful as a remote access solution is that there is ZERO that the end user can do to change the desired behavior when they are connected to the corporate network. Some companies allow split-tunneling, some do not. If you cannot convince the client to create you a separate connection profile with split-tunneling enabled, you are out of luck.
Hmm. I hate that Cisco VPN defauls *everything* down the tunnel. IMHO this should be a selectable option.
I've never tried to divert the *default* back to my local router.
But I have successfully added specfic routes which over-ride the default for accessing things like the local network properly. Until I did this, my partner who works from home on her office laptop with Cisco VPN was unable to play music off our home server, for example, or use the printers on our home network. A ROUTE ADD specifying traffic to <local LAN range> should go via <laptop's lan address> over-rides the default route and all of a sudden she can use all our local resources as well as office services.
We have used a similar trick whilst travelling so that we can access streaming media directly from it's soure server whilst also logged in to the VPN - otherwise the setting forces the streaming media content to try to route via the office network which is really slow (and which fails anyway coz the office firewall won't let it in!)
So - not sure if you can over-ride the default globally, but you can certainly introduce specific routes which then ignore the default.
I've never tried to divert the *default* back to my local router.
But I have successfully added specfic routes which over-ride the default for accessing things like the local network properly. Until I did this, my partner who works from home on her office laptop with Cisco VPN was unable to play music off our home server, for example, or use the printers on our home network. A ROUTE ADD specifying traffic to <local LAN range> should go via <laptop's lan address> over-rides the default route and all of a sudden she can use all our local resources as well as office services.
We have used a similar trick whilst travelling so that we can access streaming media directly from it's soure server whilst also logged in to the VPN - otherwise the setting forces the streaming media content to try to route via the office network which is really slow (and which fails anyway coz the office firewall won't let it in!)
So - not sure if you can over-ride the default globally, but you can certainly introduce specific routes which then ignore the default.
Featured Post
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
Split tunneling for Cisco devices is configured on the hardware you are establishing your connection to. If split tunneling is not setup on the router/pix/asa/etc, I do not know of any other way to change how traffic is routed when connected to a VPN.