Reset Search



KB16551 - Pulse Secure Desktop client VPN Tunneling adapter or Network Connect Adapter's default gateway is blank or on Windows client

« Go Back


Last Modified Date9/23/2015 11:48 PM

The VPN Tunneling adapter, Pulse Secure desktop client or Network Connect, shows that the default gateway is blank or on Windows Operating Systems. This behavior does not affect the functionality of the VPN connection and is working as designed.

Problem or Goal


  • When you enable Split Tunneling, enable Split Tunneling with route change monitor, or enable Split Tunneling with allowed access to local subnet configured, the default gateway is set to blank (XP) or (Vista/7). Is this a problem?

Windows Vista OS and Windows 7 displays:

VPN Tunneling IP Address: X.X.X.X
Default Gateway IP Address:

Windows XP displays:

VPN Tunneling Address: X.X.X.X
Default Gateway IP Address: X.X.X.X (same as Network Connect IP.)

  • When connected through Network Connect and issuing ipconfig /all on Vista OS or Windows 7, the following is displayed:
  • Why does Vista and Windows 7 would give the default gateway as when connected on Network Connect.

This behavior does not affect the functionality of the VPN connection and is working as designed.

Once you install Network Connect or Pulse Secure Desktop client,  your computer becomes multi-homed, meaning your machine has multiple interfaces. Since the VPN Tunneling client function is to serve as a remote access method, it is always assumed that machine's NIC is configured on a disjointed network, or a network that is physically separate from your VPN network. Only one default gateway needs to be configured on any multi-homed computer. The default gateway is a global configuration setting and not a setting that must be set for each network adapter, unless both NICs are on the same contiguous network and you require fault tolerance.

The VPN Tunneling configuration by the Connect Secure admin already pre-determines the networks that must be routed through the VPN tunnel.  A route will be added for those networks once the VPN is connected. This method ensures that traffic meant for the corporate intranet is routed through the VPN tunnel while all other traffic will go through the machine's NIC.

When you have disabled Split Tunneling, the Default Gateway is set to your VPN Tunneling IP since all network traffic from the client should go through the tunnel. In Windows XP, VPN Tunneling routes are added with a lower metric (the route with the lowest metric is the one which will be used), but in Vista/7 the local routes are removed completely to ensure all traffic is routed through the VPN tunnel.  (See KB17354 for more information.) The Default Gateway is also set to your VPN Tunneling IP when you have chosen Allow access to local subnet, but SA will preserve the route on the client retaining access to local resources such as printers.

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255