Friday, December 1, 2017

AnyConnect changing routes on Macbook?

Hey guys,

Confusing issue I have. I have remote developers who use AnyConnect 4.0 to VPN back to HQ (ASA 5545, 9.7.1 code). We do split tunneling and allow 10.0.0.0/8 through the tunnel. However, developers use a VM on their computer that has an IP address in the 10.200.x.x subnet. The routing table on their Mac points to vbox for that subnet. Sometimes, though, it points to the tunnel.

Now, I have 2 users testing AnyConnect 4.5 and the problem always occurs. The route starts out pointing to vbox, then they connect and it points to the tunnel. This messes up communication with their VM and it is no good. However, Cisco is telling me that this is normal. One side of me says that I understand the VM subnet is within the allowed split-tunneling subnet and maybe can believe that it is normal, but the other side of me says that this usually was not happening on AnyConnect 4.0, so which one is normal?

If this is confusing, I can provide some more info and maybe even some pictures. Quick and dirty: the Mac has a virtual route to the VM (points to vbox), but sometimes while connected to VPN using AnyConnect 4.0 the route changes to point to the tunnel, and 100% of the time it happens on AnyConnect 4.5. I am aware that I could put an exclusion or maybe only do 10.0.0.0/9 through the tunnel instead since I have no subnets in my network past 10.127.255.255, but I do not want to do that unless the behavior we are seeing is indeed expected.
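To check on paper which local routes a given split-tunnel include list would claim, and what the two fixes mentioned above actually cover, here is an added Python example (not from the post, not Cisco's or AnyConnect's code). It assumes the VirtualBox network is 10.200.0.0/16 and that HQ uses nothing beyond 10.127.255.255, as stated in the post; it models the policy overlap, not the client's actual route installation.

```python
import ipaddress

# Constructed values mirroring the post. The VM prefix length (/16) is an
# assumption; the post only says 10.200.x.x.
SPLIT_INCLUDE = ["10.0.0.0/8"]
VM_SUBNET = "10.200.0.0/16"
HQ_FIRST, HQ_LAST = "10.0.0.0", "10.127.255.255"


def route_captured(local_prefix, include_prefixes, exclude_prefixes=()):
    """Return True if traffic to local_prefix falls inside the split-tunnel
    include list and is not wholly covered by an exclude entry.

    This is a policy overlap check: a local (e.g. vboxnet) subnet that
    overlaps an include route is a candidate to be re-pointed at the tunnel.
    """
    local = ipaddress.ip_network(local_prefix, strict=False)
    for exc in exclude_prefixes:
        if local.subnet_of(ipaddress.ip_network(exc, strict=False)):
            return False
    return any(local.overlaps(ipaddress.ip_network(inc, strict=False))
               for inc in include_prefixes)


def include_for_range(first_ip, last_ip):
    """Smallest set of CIDR blocks covering first_ip..last_ip, i.e. the
    tightest include list for the address space HQ really uses."""
    start = ipaddress.ip_address(first_ip)
    end = ipaddress.ip_address(last_ip)
    return [str(n) for n in ipaddress.summarize_address_range(start, end)]


def report(local_prefix, include_prefixes, exclude_prefixes=()):
    verdict = route_captured(local_prefix, include_prefixes, exclude_prefixes)
    return (f"{local_prefix} with include={include_prefixes} "
            f"exclude={list(exclude_prefixes)} -> "
            f"{'tunnel' if verdict else 'stays local'}")


if __name__ == "__main__":
    # Current policy: the VM subnet sits inside 10.0.0.0/8.
    print(report(VM_SUBNET, SPLIT_INCLUDE))
    # Fix 1 from the post: an explicit exclusion for the VM subnet.
    print(report(VM_SUBNET, SPLIT_INCLUDE, [VM_SUBNET]))
    # Fix 2 from the post: narrow the include to what HQ actually uses.
    narrowed = include_for_range(HQ_FIRST, HQ_LAST)
    print("tightest include for HQ range:", narrowed)
    print(report(VM_SUBNET, narrowed))
```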
