AnyConnect client eating other VPN client routes in Windows 10

Had a Windows 7 PC with AnyConnect 4.5 and Palo Alto GlobalProtect 4.1. Both VPNs use split tunnel. I was able to connect to both VPNs simultaneously and do my work. After connecting to GlobalProtect, I see this in netstat -rn:

10.69.0.0 255.255.0.0 On-link 10.69.69.206 1

I then connect to AnyConnect which adds this route:

10.0.0.0 255.0.0.0 10.11.12.1 10.11.12.225 2

No problem since the 10.69.0.0/16 route is still there and overrides the 10.0.0.0/8. All good so far.

However, I’ve been forced to switch to a Windows 10 PC and am now having problems, specifically with AnyConnect removing GlobalProtect’s routes. Not sure if it’s specifically because of the 10.0.0.0/8 overlap, but when I connect to AnyConnect, the 10.69.0.0/16 route disappears from the route table.

SOLVED!!!

The new Windows 10 laptop shipped with AnyConnect 4.3. I had custom upgraded the Windows 7 laptop to AnyConnect 4.5 since I knew 4.3 was end of life. Repeated the upgrade to 4.5.05030 and works fine now.

Too lazy to read through the AnyConnect bugs but I’m sure I was hitting one. Have been nagging them to get on AnyConnect 4.4 or 4.5 and it’s fallen on deaf ears.

Not really sure what the bug was, but 4.3 always worked well with my old Juniper VPN as well. I have a friend that works at Palo Alto, I can ask if the bug is on their side or Cisco, but if upgrading Cisco’s VPN fixed it, it’s probably them.

I’d upgrade to AC 4.6. Cisco announced they won’t be supporting anything earlier going forward.

Well, the plot thickens. Although I’m good to go on Windows 10, a co-worker just reported to me she’s having the same problem on a High Sierra Mac and is already upgraded to AnyConnect 4.5.05030. When she connects to AnyConnect, she gets the 10.0.0.0/8 route from our parent company but all the smaller 10.X ones disappear in netstat -rn.

Good to know. We’re in a merger process and I’ll only have access to our old ASA (and its AnyConnect licenses) for another few weeks.
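Added example, not part of the thread and not Cisco or Palo Alto code: a Python check that compares two `netstat -rn` snapshots and reports any more-specific route that vanished and whose traffic now follows a newly added broader route, which is the symptom described above. The two 10.x rows come from the thread; the default route and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed samples in Windows `netstat -rn` layout. The two 10.x rows are the
# ones quoted in the thread; the default route is made up for illustration.
HEADER = "Network Destination  Netmask  Gateway  Interface  Metric\n"
DEFAULT = "0.0.0.0    0.0.0.0      192.168.1.1   192.168.1.50   25\n"
GP = "10.69.0.0  255.255.0.0  On-link       10.69.69.206   1\n"
AC = "10.0.0.0   255.0.0.0    10.11.12.1    10.11.12.225   2\n"
BEFORE = HEADER + DEFAULT + GP          # first VPN connected
AFTER_OK = HEADER + DEFAULT + GP + AC   # both routes coexist
AFTER_BAD = HEADER + DEFAULT + AC       # the /16 has disappeared

def parse_routes(text):
    """Map each IPv4 route row to {network: (gateway, interface)}."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # header, blank or IPv6 row
        dest, mask, gateway, iface, _metric = fields
        try:
            routes[ipaddress.ip_network(f"{dest}/{mask}")] = (gateway, iface)
        except ValueError:
            continue  # five words that are not a route
    return routes

def best_route(routes, net):
    """Longest-prefix match: most specific route containing `net`, or None."""
    hits = [r for r in routes if r.version == net.version and net.subnet_of(r)]
    return max(hits, key=lambda r: r.prefixlen, default=None)

def displaced_routes(before, after):
    """Routes that vanished and are now carried by a route that was not there before.

    Returns (lost_network, old_interface, new_covering_network, new_gateway) tuples.
    """
    findings = []
    for net, (_gw, iface) in before.items():
        if net in after:
            continue
        winner = best_route(after, net)
        if winner is not None and winner not in before:
            findings.append((net, iface, winner, after[winner][0]))
    return findings

if __name__ == "__main__":
    for lost, old_if, new_net, new_gw in displaced_routes(
            parse_routes(BEFORE), parse_routes(AFTER_BAD)):
        print(f"{lost} (was via {old_if}) now follows {new_net} via {new_gw}")
```

Capture `netstat -rn` before and after bringing up the second client and feed both outputs to `parse_routes`; an empty result means the split-tunnel routes survived.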