Cisco ASA AnyConnect Remote Access VPN

Hello Giovanni

What you will find is that if you've enabled split tunneling, you will see no default gateway. If you’ve disabled split tunneling, then the first IP from the client’s IP address and subnet mask combination will be chosen as the default gateway. There is no way to configure this parameter as it is hard-coded into the way AnyConnect works.

Now, having said that, the default gateway of a VPN client is really of no consequence. The default gateway is only significant when configured on an interface in a more traditional setting. However, when using VPNs such as AnyConnect, which uses a virtual interface, it doesn’t need a default gateway. The VPN connection is being treated as a point-to-point connection, so you really don’t care about the next hop IP. You just send everything out of the virtual interface.

The routing logic of an AnyConnect client is that all interesting traffic is sent to the upstream VPN peer using the encrypted link. This link uses the peer address and not a default gateway address. So the actual value in the default gateway, whether blank or anything else, is just ignored.

I hope this has been helpful!

Laz

PS Take a look at this Cisco Community link for more info: