I connect to a Palo Alto GlobalProtect VPN using split tunnel, and see this via the Windows "route print" command:
    Network Destination  Netmask        Gateway     Interface      Metric
    10.10.0.0            255.255.0.0    On-link     10.20.206.201  1
    10.20.0.0            255.255.0.0    On-link     10.20.206.201  1
Perfect. Those are the two split tunnel routes and 10.20.206.201 is the tunnel interface on the Palo Alto.
Then I connect to a Cisco AnyConnect VPN using split tunnel, sending a 10.0.0.0/8 route. Now I see this:
    Network Destination  Netmask        Gateway     Interface      Metric
    10.0.0.0             255.0.0.0      10.8.192.1  10.8.192.30    2
    10.10.0.0            255.255.0.0    On-link     10.20.206.201  1
    10.10.0.0            255.255.0.0    10.8.192.1  10.8.192.30    2
    10.20.0.0            255.255.0.0    On-link     10.20.206.201  1
    10.20.0.0            255.255.0.0    10.8.192.1  10.8.192.30    2
What the heck is up with the 3rd and 5th routes? 10.10.0.0/16 and 10.20.0.0/16 are NOT in the AnyConnect split tunnel. I realize it's not being followed since the metric (2) is higher, but why did it get created in the first place?
I'm on Windows 10. GlobalProtect 4.1.5, AnyConnect 4.6.03049
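To check which tunnel actually carries traffic with the second table in place, here is an added example (not part of the original post) that parses those five routes, re-typed as constructed sample input, and applies the usual selection order of longest prefix first, then lowest metric. The function names are hypothetical; it also lists prefixes installed through more than one interface, which is the situation with the 3rd and 5th routes.

```python
import ipaddress

# Constructed sample input: the five routes from the post, re-typed in
# "route print" column order (destination, netmask, gateway, interface, metric).
ROUTE_PRINT = """\
10.0.0.0   255.0.0.0    10.8.192.1  10.8.192.30    2
10.10.0.0  255.255.0.0  On-link     10.20.206.201  1
10.10.0.0  255.255.0.0  10.8.192.1  10.8.192.30    2
10.20.0.0  255.255.0.0  On-link     10.20.206.201  1
10.20.0.0  255.255.0.0  10.8.192.1  10.8.192.30    2
"""

def parse_routes(text):
    """Turn route-print style rows into dicts; skip headers and malformed lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        dest, mask, gateway, iface, metric = fields
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            metric = int(metric)
        except ValueError:
            continue
        routes.append({"net": net, "gateway": gateway, "iface": iface, "metric": metric})
    return routes

def best_route(routes, dst):
    """Pick the route used for dst: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["net"].prefixlen, r["metric"]))

def shadowed_duplicates(routes):
    """Return routes whose prefix also exists on another interface with a lower metric."""
    by_net = {}
    for r in routes:
        by_net.setdefault(r["net"], []).append(r)
    losers = []
    for group in by_net.values():
        if len({r["iface"] for r in group}) > 1:
            losers.extend(sorted(group, key=lambda r: r["metric"])[1:])
    return losers
```

With this table, a 10.10.x.x or 10.20.x.x destination resolves to the GlobalProtect interface, anything else in 10.0.0.0/8 resolves to AnyConnect, and the two metric-2 /16 entries are reported as shadowed.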