I have ran into similar issue a long time ago. This stuff seems to work better now (or at least I have not ran into it in a while). Basically, I have seen issues when there is an IP address overlap with the internal network at the enterprise with the local address of the remote pc. What I can tell you is from memory. I think the network list for the routing table on the pc is built from the split tunnel list. The default gateway depends on if split tunneling is enabled or not. If not, it should point to the VPN Client network. Otherwise, only routes will point to the vpn client network. I would not pay much attention to an "ipconfig". What I would do is a "route print" from the command line. Get familiar and play with the following commands:
When I have had issues with my split-tunnel acl has a shorter match than a local address, you can push down a host route using a host entry in the split tunnel acl. You can even disable split tunneling by using a 0.0.0.0 route in a split tunnel acl and push down a host route. This allows you to manipulate your route table in the windows clients. Additionally, you can override a vpn client that is configured not to split tunnel by using the route add command. For example, if your company does not permit split tunneling, but you really need to get to site x.x.x.x you can use the following command.
route add x.x.x.x mask 255.255.255.255 y.y.y.y
where y.y.y.y is your local gateway.
I have done this when consulting for companies and connected to my vpn. With the need to access x.x.x.x server while connected to my vpn, I just add a route. There is a flag that you have to add if you want it to survive a reboot though (-p)
By no means is this an answer to your question, but maybe a bit of insight. At least I hope so.
Thanks for reply.
But I don't want to implementing split tunneling, because our company want to send all client traffic (Internet traffic also) through our ASA. And them ASA scan all traffic and permit to go to internet.
If I turn-on the split tunneling, in my local ip-setting I won't view a default gateway. Like that:
Description . . . . . . . . . . . : Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.1.5
NetBIOS over Tcpip. . . . . . . . : Enabled
But I want my default gateway will be - 192.168.1.10.
You can implement split tunneling and send down a 0 route as well as some host routes. This doesn't enable split tunneling any more than having it disabled. The misconception everywhere about split tunneling is that it is a decision that is made by the VPNC or the ASA. The settings are pushed down to the client. The pc's route table makes the final determination. If it is not what is expected, it doesn't make it to the VPN client at all and the SA is not applied. There is no way possible that I know of to force a non split tunnel policy down to a pc. It is the IP Stack at the PC that makes this decision.
Now in your case, I'm not sure what the issue is. I just wanted to take this opportunity to make sure that it is understood how this works. A route entry has to be in the route table that triggers the traffic to go out what is the vpn interface. Then there must be a route to the tunnel endpoint. This is from the perspective of the PC.
I agree with your position on split tunneling. However, this is software that is loaded on the PC. If the pc chooses to route it otherwise it can. In a perfect world, the VPN Client could watch for this. However, there is no way as an administrator to completely prevent split tunneling. I take advantage of this at least once a week to deal with overlap issue I have with my VPN and a customer's network.