Juniper Networks VPN Tunneling adapter (Network Connect or Junos Pulse) default gateway is blank or 0.0.0.0 on Windows client

The VPN Tunneling adapter, Junos Pulse or Network Connect, shows that the default gateway is blank or 0.0.0.0 on Windows Operating Systems. This behavior does not affect the functionality of the VPN connection and is working as designed.

Symptoms:

  • When you enable Split Tunneling, enable Split Tunneling with route change monitor, or enable Split Tunneling with allowed access to local subnet configured, the default gateway is set to blank (XP) or 0.0.0.0 (Vista/7). Is this a problem?
  • When connected through Network Connect and issuing ipconfig /all on Vista OS or Windows 7, the following is displayed:

Windows Vista OS and Windows 7 displays:

Windows XP displays:

  • Why does Vista and Windows 7 would give the default gateway as 0.0.0.0 when connected on Network Connect.

This behavior does not affect the functionality of the VPN connection and is working as designed.

Once you install Network Connect or Junos Pulse your computer becomes multi-homed, meaning your machine has multiple interfaces. Since the VPN Tunneling client function is to serve as a remote access method, it is always assumed that machine’s NIC is configured on a disjointed network, or a network that is physically separate from your VPN network. Only one default gateway needs to be configured on any multi-homed computer. The default gateway is a global configuration setting and not a setting that must be set for each network adapter, unless both NICs are on the same contiguous network and you require fault tolerance.

The VPN Tunneling configuration by the SSL VPN admin already pre-determines the networks that must be routed through the VPN tunnel. A route will be added for those networks once the VPN is connected. This method ensures that traffic meant for the corporate intranet is routed through the VPN tunnel while all other traffic will go through the machine’s NIC.

When you have disabled Split Tunneling, the Default Gateway is set to your VPN Tunneling IP since all network traffic from the client should go through the tunnel. In Windows XP, VPN Tunneling routes are added with a lower metric (the route with the lowest metric is the one which will be used), but in Vista/7 the local routes are removed completely to ensure all traffic is routed through the VPN tunnel. The Default Gateway is also set to your VPN Tunneling IP when you have chosen Allow access to local subnet, but SA will preserve the route on the client retaining access to local resources such as printers.

About the author

Prasanna

Leave a Comment