Setting default gateway in subnetted network

Similar Messages

• Can I enable "Use default gateway on remote network" on VPN connection using Group Policy?

  Hi,
  First timer here so please bear with me!
  Environment: Domain Windows 2003, Clients: Windows 7 and Windows XP (with Client Side Extensions pushed out)
  When creating a VPN connection on a client machine manually with default settings the "Use default gateway on remote network" found in [Connection Properties - Networking - IPv4 - Advanced] is enabled, which is good as we don't allow split-tunneling.
  I have a test GPO that creates a new VPN Connection [Computer Config - Preferences - Control Panel - Network Options], but the above setting is unticked.
  Am I missing something on the options for the GP preference to set this automtically?
  I can write a script to directly change the C:\Users\All Users\Microsoft\Network\Connections\Pbk\rasphone.pbk file but would prefer if I could sort it all out using Group Policy.
  Any help would be greatly appreciated!
  Thanks a lot!
  David

  Shane,
  There is actually a way to set the "Use default gateway on remote network" through Group Policy Preferences. And this may even be a better way to do it, because you may change this flag without touching any other settings, or other VPN connections.
  (All VPN connections are stored in the same .pbk file.)
  Here's the trick: Opening the .pbk file in notepad, I realized that this is actually an oldstyle ini-structured file. And Group Policy Preferences can update ini files! In the .pbk file the section names are the VPN connections names, like [My VPN],
  and the property IpPrioritizeRemote is the flag "Use default gateway on remote network".
  So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
  Create a new object with Action = Update, and File Path =
  C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
  (If this is where your file is located, I guess it is in c:\users if the VPN connection is made for a single user.)
  Section Name should be the display name of your VPN connection, without the brackets.
  Property Name = IpPrioritizeRemote
  Property Value = 1
  Peter, www.skov.com, Denmark
  Peter :-)
  This is great, but just one question. I also want to append a list of DNS Sufixes in order (when viewing a VPN properties, this is buried in
  "Networking --> IPv4/6 --> Advanced --> DNS --> Append these DNS Suffixes (in order)". However, for the VPNs I have manually created with this list populated, I can't see any entries in the rasphone.pbk. Does anyone know
  where these are stored?
  Cheers.

• Windows 8.1 Pro Need command to disable "Use default gateway on remote network" option on VPN connection"

  Hello!
  I want to create bat script to create several VPN connection.
  There is powershell command to create vpn connection:
  add-vpnconnection -name "Test VPN" -serveraddress "vpn.example.com" -splittunneling -tunneltype "pptp"
  And I need to create VPN connection without the option "Use default gateway on remote network" option on VPN connection"
  Or modify this option on existent VPN connection with command.
  Please help me to find command option or other command to disable "Use default gateway on remote network" option on VPN connection" feature.

  http://technet.microsoft.com/nl-nl/library/ee431701%28v=ws.10%29.aspx RouteIPv4TrafficOverRAS True – Add a default gateway on the VPN connection False – Do not add default gateway on the VPN connection

• How to set default gateway

  I have created two Virtual machine of windows server 2008 R2 (VM1 & VM2 respectively). I am configuring domain controller on VM1 and VM2 will be my member server.
  My Host system is windows 7 and my ISP does NOT provide me with a static IP.
  When I configure domain controller on VM1 it asks me to configure static IP address first. I have given 10.0.0.2 as a static IP on VM1 and the default value of subnet mask is populated. 
  For preferred DNS and Alternate DNS server I have given the same static IP address (i.e 10.0.0.2).
  Note - As am planning to use the local computer (i.e VM1) as my preferred DNS and alternate DNS.
  Q1) What should I set as the 'default gateway' on VM1 ? 
  Q2) Once I've set up the domain controller, can I configure DHCP server on VM1 and assign IP to VM2 ? 
  Q3) VM2 being a (domain)member server, can we assign static IP to it ? If yes What would be the values in gateway, Preferred DNS and Alternate DNS field ?

  Thanks for answers. Doing this configuration for first time this is little confusing for me.
  @Milos
  Step No. 15 says
  "If you do not have static IPv4 and IPv6 addresses assigned to your network adapters, a warning message might appear advising you to set static addresses for both of these protocols before you can continue."
  The warning message did appear. 
  Before I start to configure Active Directory Domain Services, I
  will have to provide a static IP to the system. Correct? 
  I have two virtual machines (windows server 2008 R2) running on my VMware workstation. I do not require two domain controllers, my requirement is the first virtual machine (i.e VM1) should be the domain controller and the second virtual machine (i.e VM2) should
  me a domain member server (NOT a domain controller or a child domain)
  As you have explained, that Before you run DCPROMO,
  there is following configuration:
  IP address            10.0.0.2
  MASK                 255.0.0.0
  Deafault gateway  10.0.0.1  if
  this is IP address of ryour outer.
  Preferred DNS     10.0.0.2
  I would like to understand, is this what you mean by having a static IP ?
  I am pasting three screenshot below, 
  1st) ipconfig of my host system. 

• Setting Default Gateway on O

  I have a LAG with two VLANs in it.
  Setup
  VLAN 1 (Untaged default) is connected to the '192.168.11.x', which connects to the "10.1.10.x", which connects to the internet.
  VLAN 3 (Tagged) is connected directly to "10.1.10.x" which connects to the internet.
  Situation;
  When both VLAN3 and VLAN1 are up, default gateway is 192.168.11.1
  When VLAN1 is down, default gateway is 10.1.10.1
  *Desired configuration;*
  How do I make the VLAN3 interface the default, or the directly attached network of 10.1.10.x the default, when it is enabled?
  I have tried this, but must be missing something;
  +kevin-cossaboons-mac-pro:~ kevincossaboon$ sudo route -nv add -net 0.0.0.0 10.1.10.1+
  Password:
  +u: inet 0.0.0.0; u: inet 10.1.10.1; RTM_ADD: Add Route: len 128, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC>+
  +locks: inits:+
  +sockaddrs: <DST,GATEWAY,NETMASK>+
  +default 10.1.10.1 default+
  +route: writing to routing socket: File exists+
  +add net 0.0.0.0: gateway 10.1.10.1: File exists+
  +kevin-cossaboons-mac-pro:~ kevincossaboon$ netstat -r+
  +Routing tables+
  Internet:
  +Destination Gateway Flags Refs Use Netif Expire+
  +default 192.168.11.1 UGSc 30 171 bond0+
  +10.1.10/24 link#13 UCS 3 0 vlan0+
  +10.1.10.1 0.13.f7.af.e7.e6 UHLW 0 93 vlan0 995+
  +10.1.10.13 0.18.39.3b.42.95 UHLW 0 26 vlan0 178+

  In your network preferences click the cog wheel and choose set service order. Then drag vlan3 to the top of the list.

• Set default gateway on headless server (via ssh)

  I'm trying to configure one of the two ethernet interfaces on a headless Xserve. I managed to give it an address and subnet mask with ifconfig, but I can't figure out how to give it a default gateway or dns server.
  I tried using this:
  sudo route add default gw xxx.xxx.xxx.xxx en0
  but I got the error 'route: bad address: gw'
  is there something wrong with my syntax, or does this just not work on OS X?

  Something's wrong with your syntax
  Try:
  <pre class=command>sudo route add default a.b.c.d</pre>
  The keyword 'gw' is not needed, and you also don't need to specify an interface since the OS should be able to work it out from the IP address(es) assigned to your interface(s).

• Cascaded network unable to access default gateway att 5031nv

  Hello -  I have a Cisco 3750 sitting behind an ATT 5031 NV.  The Cisco device has the following networks 'living' on it: 10.1.1.1 /2410.1.2.1 /2410.1.3.1 /24 All of these have DHCP pools living on the Cisco device.  The default gateway they had out is the IP of the SVI (mentioned above).  I am using OSPF between those networks - and they can all talk fine.  I am using the 'default-information originate' command to obtain default route information. I have port Gi1/0/3 on the cisco device plugged into LAN port 4 on the ATT 5031 NV.  Port Gi 1/0/3 is configured with a static IP in the 192.168.1.x network as follows:
  ip address 192.168.1.2 255.255.255.0 On the ATT 5031 NV:  Settings > broadband > link configuration, I have the 'cascaded network' option selected: Network Address:  10.1.0.0 Subnet Mask:  255.255.0.0 Choose the router that will host the secondary subnet:          [Cisco Device Hostname] 192.168.1.2 (IP of Gi1/0/3 on cisco device) When i do this - i can ping from the 10.x.x.x networks to both 192.168.1.2 and 192.168.1.254 IP's - but i cannot get out to the Internet (neither by IP or hostname).   I should metion that I have tried the DMZ pinhole option - where i made my Gi1/0/3 get an IP by DHCP > rebooted it > and I got my device to show up with a 108.225.x.x external IP (which again, my 10.x.x.x's could ping) but I could not ping the default gateway for that network. What am i missing here?  anyone have any ideas?  Config to follow:  !interface GigabitEthernet1/0/3
  description DMZ to WAN
  no switchport
  ip address 192.168.1.2 255.255.255.0!interface Vlan1
  no ip address
  interface Vlan100
  description MANAGEMENT
  ip address 10.1.1.1 255.255.255.0
  interface Vlan120
  description xxxx WIFI
  ip address 10.1.2.1 255.255.255.0
  interface Vlan130
  description xxxx DATA
  ip address 10.1.3.1 255.255.255.0!router ospf 1
  network 10.1.1.0 0.0.0.255 area 1
  network 10.1.2.0 0.0.0.255 area 1
  network 10.1.3.0 0.0.0.255 area 1
  default-information originate!ip default-gateway 192.168.1.254!ip route 0.0.0.0 0.0.0.0 192.168.1.254 Any help would be greatly appricated.     

  Hi ,
  With the cascaded router option, the purpose of that option is to pass over your static IPs so that your gateway handles the traffic. If you do have a set of static IPs available, the only thing you want to change is the cascaded router IP. The network address should be the IP of your router, so it would be 192.168.1.2 according to your setup. 
  If you are just trying to do a router behind router setup, you actually do not need to use the cascaded router option, and just putting it in DMZ should take care of everything.
  Hope this helps.
  -ATTU-verseCare

• Default gateway

  How can I adjust the network settings on 5.8 ? I need to add in the default gateway for my network.
  Thanks

  you can issue command
  # route add default {your IP of gateway}
  If you want default gateway is set in bootup
  # echo "your IP of gateway" > /etc/defaultrouter
  Then restart
  Lucas

• Set Default Printer based on user setting using Powershell script

  Hi 
  I would like to create a script that runs on user log off and captures the default printer (set manually by the user) and then another script to reapply the settings (saved upon log off) when the user logs back in.
  This is because local printers are set as default printer (PDF Creator Programs) when we all use Network Printers so this means a user has to set default printer to the network printer all the time.
  I have found this script to start with:
  $Printer = Get-WmiObject -namespace root\cimv2 -Query “select * from Win32_Printer Where Default = TRUE” -Impersonation 3 | select name | out-file C:\temp\Printer.txt
  But the out file looks like this:
  name
  \\PrinterserverName\Accounts01
  Which I dont see how it can be used on another script plus there are spaces after\Account01 
  Any Ideas please?
  M
  Maelito

  Hi Maelito,
  According to your description, you want to export the default printer name to text file, then read this printer name from text file and set the default printer via Powershell:
  #save printer name to text file
  Get-WmiObject -namespace root\cimv2 -Query “select * from Win32_Printer Where Default = TRUE” -Impersonation 3 | select -ExpandProperty name | out-file C:\temp\Printer.txt
  # read printer name from text file and set default printer
  $name=get-content C:\temp\Printer.txt
  (Get-WmiObject -Class Win32_Printer -Filter "Name='$name'").SetDefaultPrinter()
  If there is anything else regarding this issue, please feel free to post back.
  Best Regards,
  Anna Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Setting up IP,Subnet, default gateway and secondary gateway in solaris 10 x

  Hi,
  I am new to solaris.
  I have instralled solaris10 x86 on my system.
  I am not able to access internet as i am not able to setup address.
  I use broadband and have static ip address.
  How do i configure them...
  ip, subnet, default gateway, and secondary gateway.
  Thanks in advance.

  run sys-unconfig and after reboot set the parameters (IP, etc)
  What do you mean second gateway?

• Setting permanent default gateway in OEL 6

  Hello,
  how can a default gateway be set permanently in OEL6?
  At the moment I am setting iit manually every time the machine or the network service is restarted:
  $ /sbin/route add -net default gw IPADDRESSThanks on advance.
  Angel

  Hi again,
  looks like we managed to achieve the target following the steps in section 4.4 of the Deployment manual at http://linux.oracle.com/documentation/EL6/Red_Hat_Enterprise_Linux-6-Deployment_Guide-en-US.pdf. The link you provided was pointing to Development manual.
  I created a file /etc/sysconfig/network-scripts/route-bond0.764 with the following content:
  0.0.0.0/0 via 10.7.79.250 dev bond0.764Using the "network/netmask" format. That way it works all right:
  $netstat -rn
  Kernel IP routing table
  Destination Gateway Genmask Flags MSS Window irtt Iface
  0.0.0.0 10.7.79.250 0.0.0.0 UG 0 0 0 bond0.764Just for FYI, first of all I tried with the following content:
  default 10.7.79.250 dev bond0.764But when bouncing the network service, I was getting this error:
  Bringing up interface bond0.764: Error: either "to" is a duplicate, or "10.7.79.250" is a garbage.'Not sure which was the reason for this error anyway.
  Looks like when using channel bonding, gateway specification in the usual files (/etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-bond* ) makes no effect for any reason.
  Let me know if I can do something to find out why it makes no effect.
  Thanks a lot for you help.
  Angel
  Let me know if I can help

• Wrt54g default gateway setting

  I am looking to use my wrt54g router with my FIOS and Actiontec router/modem. Both use the same default gateway. How do I change the default gateway on my wrt54g from 192.168.1.1 to 192.168.1.0?
  When I open up this address with IE and the Linksys setup pages come up there is no place to change the default gateway. Any suggestions?
  thank you in advance
  John

  Are you trying to change the IP of your router?  If so, that should be on the first page that comes up when you login to the router.  I'm confused by you saying that you want to change the "default gateway."

• Default Gateway when connected to VPN

  Thanks for reading!
  This is probably a dump question so bear with me...
  I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customers environment behind it (on the same subnet), When connected ot the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
  My beet is that the Router is messing with my connection, but,, nevermind that!, the setup ain't complete anyway... my question is more related to the Gateway I'm missing when I'm, from the outside, is connected to the VPN on the ASA, could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in windows?
  This is who it looks like now:
          Anslutningsspecifika DNS-suffix . : VPNOFFICE
          IP-adress . . . . . . . . . . . . : 10.10.10.1
          Nätmask . . . . . . . . . . . . . : 255.255.255.0
          Standard-gateway  . . . . . . . . :
  The internal network is :
  172.16.12.0 255.255.255.0
  Below is my config for the ASA, thanks a lot!!!!!!!
  !FlASH PÅ ROUTERN FRÅN BÖRJAN
  !asa841-k8.bin
  hostname DRAKENSBERG
  domain-name default.domain.invalid
  enable password XXXXXXX
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.16.12.4 255.255.255.0
  interface Vlan10
  nameif outside
  security-level 0
  ip address 97.XX.XX.20 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 10
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  clock timezone CEST 1
  clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
  access-list MSS_EXCEEDED_ACL extended permit tcp any any
  access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
  access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
  tcp-map MSS-MAP
    exceed-mss allow
  pager lines 24
  logging enable
  logging timestamp
  logging buffer-size 8192
  logging console notifications
  logging buffered notifications
  logging asdm notifications
  mtu inside 1500
  mtu outside 1500
  ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any inside
  icmp permit any outside
  asdm image disk0:/asdm-625-53.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list nonat
  nat (inside) 1 172.16.12.0 255.255.255.0
  route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  http server enable
  http 172.16.12.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 65535
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 172.16.12.0 255.255.255.0 inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  group-policy VPNOFFICE internal
  group-policy VPNOFFICE attributes
  dns-server value 215.122.145.18
  vpn-tunnel-protocol IPSec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPN-SPLIT-TUNNEL
  default-domain value VPNOFFICE
  split-dns value 215.122.145.18
  msie-proxy method no-proxy
  username admin password XXXXXX privilege 15
  username Daniel password XXXXX privilege 0
  username Daniel attributes
  vpn-group-policy VPNOFFICE
  tunnel-group VPNOFFICE type remote-access
  tunnel-group VPNOFFICE general-attributes
  address-pool VPN
  default-group-policy VPNOFFICE
  tunnel-group VPNOFFICE ipsec-attributes
  pre-shared-key XXXXXXXXXX
  class-map MSS_EXCEEDED_MAP
  match access-list MSS_EXCEEDED_ACL
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
    inspect icmp error
    inspect pptp
    inspect ipsec-pass-thru
    inspect icmp
  class MSS_EXCEEDED_MAP
    set connection advanced-options MSS-MAP
  service-policy global_policy global
  privilege cmd level 3 mode exec command perfmon
  privilege cmd level 3 mode exec command ping
  privilege cmd level 3 mode exec command who
  privilege cmd level 3 mode exec command logging
  privilege cmd level 3 mode exec command failover
  privilege cmd level 3 mode exec command packet-tracer
  privilege show level 5 mode exec command import
  privilege show level 5 mode exec command running-config
  privilege show level 3 mode exec command reload
  privilege show level 3 mode exec command mode
  privilege show level 3 mode exec command firewall
  privilege show level 3 mode exec command asp
  privilege show level 3 mode exec command cpu
  privilege show level 3 mode exec command interface
  privilege show level 3 mode exec command clock
  privilege show level 3 mode exec command dns-hosts
  privilege show level 3 mode exec command access-list
  privilege show level 3 mode exec command logging
  privilege show level 3 mode exec command vlan
  privilege show level 3 mode exec command ip
  privilege show level 3 mode exec command ipv6
  privilege show level 3 mode exec command failover
  privilege show level 3 mode exec command asdm
  privilege show level 3 mode exec command arp
  privilege show level 3 mode exec command route
  privilege show level 3 mode exec command ospf
  privilege show level 3 mode exec command aaa-server
  privilege show level 3 mode exec command aaa
  privilege show level 3 mode exec command eigrp
  privilege show level 3 mode exec command crypto
  privilege show level 3 mode exec command vpn-sessiondb
  privilege show level 3 mode exec command ssh
  privilege show level 3 mode exec command dhcpd
  privilege show level 3 mode exec command vpnclient
  privilege show level 3 mode exec command vpn
  privilege show level 3 mode exec command blocks
  privilege show level 3 mode exec command wccp
  privilege show level 3 mode exec command webvpn
  privilege show level 3 mode exec command module
  privilege show level 3 mode exec command uauth
  privilege show level 3 mode exec command compression
  privilege show level 3 mode configure command interface
  privilege show level 3 mode configure command clock
  privilege show level 3 mode configure command access-list
  privilege show level 3 mode configure command logging
  privilege show level 3 mode configure command ip
  privilege show level 3 mode configure command failover
  privilege show level 5 mode configure command asdm
  privilege show level 3 mode configure command arp
  privilege show level 3 mode configure command route
  privilege show level 3 mode configure command aaa-server
  privilege show level 3 mode configure command aaa
  privilege show level 3 mode configure command crypto
  privilege show level 3 mode configure command ssh
  privilege show level 3 mode configure command dhcpd
  privilege show level 5 mode configure command privilege
  privilege clear level 3 mode exec command dns-hosts
  privilege clear level 3 mode exec command logging
  privilege clear level 3 mode exec command arp
  privilege clear level 3 mode exec command aaa-server
  privilege clear level 3 mode exec command crypto
  privilege cmd level 3 mode configure command failover
  privilege clear level 3 mode configure command logging
  privilege clear level 3 mode configure command arp
  privilege clear level 3 mode configure command crypto
  privilege clear level 3 mode configure command aaa-server
  prompt hostname context
  Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
  : end

  I didn't realise I had that crypto settings on, thanks my bad!!!
  But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches is all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
  The Firewall/Router dosen't do any routing, so it should work right (I you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firwall for the clients.. this will change in the future.. it will be removed,
  the vpn network is staticly routed back to my ASA in that firewall...
  I don't like this solution.. but this is who it looks.. for now..
  (VPN network is 10.10.10.X/24)
  But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
  THANKS for all the help!

• Incorrect Default Gateway for Clients using a Concentrator

  Hey all,
  Hopfully an easy one - I'm trying to configure a VPN Concentrator for use with the old VPN Client for an IPSec CVPN.
  The clients connect fine, but they are getting the incorrect default gateway during the address assignment.
  My address pool is 192.168.0.128/25.  The client correctly picks up the first address in the range, 192.168.0.129, but the default gateway for the VPN adapter is assigned as the next address in the range, 192.168.0.130.
  I need the gateway address to be 192.168.0.254 (the SVI of the L3 switch connected to the Concentrator), but I can't for the life of me fine a configuration option anywhere in the pool assignment.  I've set the tunnel default gateway to this 192.168.0.254, but this makes no difference.
  Any ideas where I can find this config option?
  Thanks!

  Andrew
  In the chart that you posted about the routing setup it refers to a DMZ network and DMZ gateway. Can you clarify what these are since I do not see them in the drawing that is in that post?
  I agree with Herbert that it is cleaner to have the address pool on the concentrator use addresses that do not overlap with the concentrator subnet connecting to the layer 3 switch. And as long as the layer 3 switch has a route to that address pool, and the next hop in the route is the address of the concentrator interface then the separate pool addressing should work just fine.
  I have re-read this thread and want to make sure that after some changes that you have made that the problem symptoms are still the same. You told us earlier that: "Now the client can ping the interfaces on its local LAN (concentrator  interface 192.168.0.253, and the L3 switch, 192.168.0.253), but it  cannot reach the rest of our internal LAN behind the layer 3 switch." Is this still an accurate statement of the problem?
  As Herbert said earlier this could either be caused by the concentrator not have a correct route for the inside or it could be  because the inside does not have a correct route to the client. In re-reading your description of the routing set up it looks like the concentrator has a default route configured but not the tunnel default route. May I suggest that you try configuring a tunnel default route (in addition to the normal default route) and see whether that makes any difference?
  If that does not help the problem then I would suggest that you verify that the devices on the inside do have their default gateway set correctly and that the layer 3 switch does have a route for the VPN address pool with the concentrator interface address as the next hop.
  HTH
  Rick
  [edit] I just focused on the question that you asked about the concentrator possibly needing a route for the address pool. The concentrator does not need any route statements for the address pool - it knows its own address pool, pretty much like having a connected interface subnet. The layer 3 switch is what needs a route for the address pool.

• Some clients get Default Gateway assigned from WRT300N while others don't

  Two existing desktops, one wired other wireless and existing laptop wireless connects to internet fine.
  Trying to add work laptops, they aquire wireless signal, gets DHCP IP address assigned but doesn't connect. Looked at the ipconfig output and shows no default gateway - router IP is set to 192.168.1.1 - with everything default, I did a reset on it.
  The existing machines all have default gateway assigned. Only difference I see is work machines are XP pro. Never had problems with work laptops connecting anywhere else.
  Any ideas on how to setup so work laptops can connect?
  Solved!
  Go to Solution.

  namralk wrote:
  Ethernet adapter VMware Network Adapter VMnet8:
          Connection-specific DNS Suffix  . :
          Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
          Physical Address. . . . . . . . . : 00-50-56-C0-00-08
          Dhcp Enabled. . . . . . . . . . . : No
           IP Address. . . . . . . . . . . . : 192.168.1.1
          Subnet Mask . . . . . . . . . . . : 255.255.255.0
           Default Gateway . . . . . . . . . : 
  You have configured vmware on your computer to use 192.168.1.1 on the VMnet8 adapter. This means the computer uses 192.168.1.1 itself on that adapter and obviously won't set 192.168.1.1 as default gateway on your wireless adapter because 192.168.1.1 is the computer itself.
  Fix your network configuration in vmware. After that a "ipconfig /renew *" or a reboot should obtain a new working lease including the default gateway. Make sure vmware does not use the 192.168.1.0/255.255.255.0 subnet for it's network adapters.