I am using Docker Toolbox on Windows for Docker-related development. This works fine when I am on my home or office network but doesn't work when I am using AnyConnect VPN to connect to the office network. Please let me know if there is a network setting which can be changed to make it work.
I really like OpenConnect (which supports more configuration options than network-manager-openconnect). Even hideous installations that require csd-wrapper usually work well.
AnyConnect breaks docker networks in a weird way and they stay broken even after you exit the VPN (even if you stop vpnagentd afterwards).
The workaround is to stop docker, clear all its networks and bridges and only then start the AnyConnect VPN. You can start docker after the VPN session ends and it will re-create all necessary stuff.
I created a script to work around this unfortunate behavior that does exactly this:
#!/bin/sh
# usage:
#   vpn.sh [start]
#   vpn.sh stop
if [ "$1" = "stop" ]; then
    /opt/cisco/anyconnect/vpn/vpn disconnect
    sudo systemctl stop vpnagentd
    echo "Cisco VPN stopped"
    echo "Starting docker"
    sudo systemctl start docker
else
    echo "Stopping docker"
    sudo systemctl stop docker
    # list every bridge (first column, skipping the header line) and tear each one down
    bridges=$(sudo brctl show | cut -f1 | tail -n +2)
    for b in $bridges; do
        sudo nmcli connection delete "$b"
        sudo ip link set dev "$b" down
        sudo brctl delbr "$b"
    done
    echo "Starting Cisco VPN"
    sudo systemctl start vpnagentd
    /opt/cisco/anyconnect/vpn/vpn connect 'VPN-NAME'
fi
Note: A VPN admin can prevent you from using OpenConnect and force you to use Cisco AnyConnect only, but you might have a better experience if LocalLanAccess is enabled in your VPN profile.
Docker adds an entry by default to the routing table, which forwards all traffic with destination 172.17.X.X through the loopback address. In your case, if the IP address assigned to your computer by AnyConnect begins with 172.17 the two subnets overlap and Docker freezes the vpn connection (you can check that by looking at your IP assigned by anyconnect and compare it with the routing table of the docker machine).
If that's the case, you can change the default subnet used by Docker by adding the following to the %programdata%\docker\config\daemon.json
{
  "default-address-pools": [
    {"base": "10.10.0.0/16", "size": 24}
  ]
}
After those configuration changes restart the Docker service and verify that the new subnet has been set (you can use netstat -rn).
Article for the steps in Linux here.
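The overlap check the answer above describes by hand (compare the VPN-assigned address with the Docker subnets) can be done mechanically. The script below is an added example, not code from the original answers: it expands each entry of default-address-pools into the networks Docker may hand out and reports any collision with routes parsed from netstat -rn / route print output. The route table excerpt and the "stock" pool list are constructed sample data; verify the real pools on your host with docker network inspect bridge.

```python
"""Added example: detect overlap between VPN routes and Docker address pools."""
import ipaddress
import json
from typing import List, Tuple

# Constructed: the pool suggested in the answer above, as it would sit in daemon.json.
ANSWER_DAEMON_JSON = '{"default-address-pools": [{"base": "10.10.0.0/16", "size": 24}]}'

# Assumption: pools resembling Docker's defaults (docker0 on 172.17.x.x, plus a
# 192.168.0.0/16 pool split into /20s). The real values depend on the Docker
# version, so check `docker network inspect bridge` rather than trusting this.
STOCK_DAEMON_JSON = json.dumps({"default-address-pools": [
    {"base": "172.17.0.0/16", "size": 16},
    {"base": "192.168.0.0/16", "size": 20},
]})

# Constructed `netstat -rn` / `route print` excerpt: one route pushed by the VPN
# (172.17.5.0/24, i.e. an address in Docker's default range) and the home LAN.
SAMPLE_ROUTES = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1   192.168.1.50     25
       172.17.5.0    255.255.255.0         On-link     172.17.5.20    281
      192.168.1.0    255.255.255.0         On-link    192.168.1.50    281
"""


def pool_subnets(daemon_json: str) -> List[ipaddress.IPv4Network]:
    """Expand each pool into the /<size> networks Docker may assign to a bridge."""
    cfg = json.loads(daemon_json)
    subnets = []
    for pool in cfg.get("default-address-pools", []):
        # strict=False tolerates a base written with host bits set
        base = ipaddress.ip_network(pool["base"], strict=False)
        subnets.extend(base.subnets(new_prefix=pool["size"]))
    return subnets


def routes_from_table(table: str) -> List[ipaddress.IPv4Network]:
    """Parse 'destination netmask' columns into networks; skip the default route."""
    nets = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}", strict=False)
        except ValueError:
            continue  # header or other non-route line
        if net.prefixlen == 0:
            continue  # 0.0.0.0/0 overlaps everything and carries no information here
        nets.append(net)
    return nets


def overlaps(daemon_json: str, table: str) -> List[Tuple[str, str]]:
    """Return (route, docker_subnet) pairs whose address ranges collide."""
    docker_nets = pool_subnets(daemon_json)
    hits = []
    for route in routes_from_table(table):
        for sub in docker_nets:
            if route.overlaps(sub):
                hits.append((str(route), str(sub)))
    return hits


if __name__ == "__main__":
    for name, cfg in (("stock pools", STOCK_DAEMON_JSON), ("answer's pools", ANSWER_DAEMON_JSON)):
        print(f"{name}: {overlaps(cfg, SAMPLE_ROUTES) or 'no overlap'}")
```

Paste your own netstat -rn output in place of SAMPLE_ROUTES and the contents of daemon.json in place of the pool constants; an empty result means the VPN routes and Docker's pools do not collide, so the subnet change is not what is needed.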
The following worked for me.
Try using OpenConnect instead of Anyconnect:
sudo apt install openconnect
sudo apt install network-manager-openconnect
and then (for Ubuntu 16 at least) comment out the line dns=dnsmasq, so it becomes like this:
$ cat /etc/NetworkManager/NetworkManager.conf
[main]
plugins=ifupdown,keyfile,ofono
#dns=dnsmasq
Then add a connection using NetworkManager to your VPN provider and connect. (NetworkManager -> Edit connections -> Add. Then select Connection type to be VPN -> Cisco AnyConnect)
Reboot and reconnect, and now docker containers should have access to internet.
I know this question is kind of old, but it's the first Stack Overflow hit if you google for Docker Cisco VPN related issues. Since I had my problems with this issue myself in the last couple of days and nothing I found online seemed to work, I wanted to share my solution here.
# Some setup at first, skip if you already have those..
sudo apt-get install ca-certificates curl gnupg lsb-release
# add key and sources
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
# install docker
sudo apt-get update \
&& sudo apt-get install docker-ce docker-ce-cli containerd.io
# disable docker services
sudo systemctl disable --now docker.service docker.socket
# setup docker for rootless usage and switch to that context
dockerd-rootless-setuptool.sh install
docker context use rootless
# add the following to your bashrc or zshrc and source it ofc
export DOCKER_HOST=unix:///run/user/1000/docker.sock
# user start the docker service again (no sudo)
systemctl --user start docker
Hope this helps at least someone.
You can configure your local route table.
Usually the docker_endpoint is 192.168.x.x; in order to let it go to the local network rather than the VPN, you can add a route rule as below.
route add 192.168.0.0 mask 255.255.0.0 192.168.0.1 -p
-p means to add it permanently.
Then run the command below to see if it's set.
route print
I had exactly the same issue: Docker container networking not working under Cisco AnyConnect VPN. I tried a bunch of solutions posted online (enable local LAN addresses from Cisco AnyConnect, update the IP route table, etc.). Absolutely nothing worked for me. Then I installed the Docker Desktop app, which is available for Linux too. With the Docker Desktop app opened, I restarted all my containers and container networking was back online and working.