TL;DR: see https://jamespotz.github.io/blog/how-to-fix-wsl2-and-cisco-vpn, but certain internal resources are still not available after doing this (in case you need them, reconnect AnyConnect); others are, though. Toggling the metric priority is key here as well.
This and follow-up posts (even an automation) probably work as well; I haven't tested them yet: microsoft/WSL#5764 (comment)
This could also work; not tested yet, as I did not check the sources: https://wheatevo.com/wsl-2-vpn-routing-fix/
The article on MSDN doesn't seem to apply to my case (WSL2, Cisco AnyConnect VPN).
I have some articles tagged [wsl2, vpn, wsl2-issue] that seem to approximate an automatable fix (microsoft/WSL#1350 (comment) etc.), but one of them really provides a very fast fix that serves as the baseline for all the automation: microsoft/WSL#5068 (comment)
Open PowerShell as administrator and run: Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
This got me the DNS servers (microsoft/WSL#1350 (comment)): Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses
In WSL I added the internal ones with: sudo nano /etc/resolv.conf
Testing with: ping google.com -c 1
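The DNS step above, as an added example (not from the linked posts or gists): a POSIX shell filter that turns the Get-DnsClientServerAddress output into resolv.conf entries, dropping CRLF line endings, duplicates and invalid addresses. The function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not taken from the linked gists or issues.
# Converts the address list printed by Get-DnsClientServerAddress into
# resolv.conf "nameserver" lines. Function names are hypothetical.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet <= 255.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                             # split on dots into $1..$4
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Read one address per line on stdin and print validated, de-duplicated
# nameserver lines. $1 caps the count (default 3: glibc's resolver ignores
# any nameserver entries after the third).
render_resolv_conf() {
  tr -d ' \t\r' | {                     # powershell.exe emits CRLF line ends
    max=${1:-3}; count=0; seen=" "
    while IFS= read -r addr || [ -n "$addr" ]; do
      [ "$count" -lt "$max" ] || break
      is_ipv4 "$addr" || continue       # skip blanks, IPv6, garbage
      case "$seen" in *" $addr "*) continue ;; esac
      seen="$seen$addr "
      printf 'nameserver %s\n' "$addr"
      count=$((count + 1))
    done
    [ "$count" -gt 0 ]                  # fail if nothing usable was found
  }
}

# Constructed sample of what the Windows side might print (not real servers).
sample_dns_output() {
  printf '10.20.30.40\r\n10.20.30.41\r\n10.20.30.40\r\n\r\n999.1.1.1\r\n192.168.1.1\r\n172.16.0.1\r\n'
}

sample_dns_output | render_resolv_conf

# In WSL, with Windows interop enabled, the real pipeline would be:
#   powershell.exe -NoProfile -Command 'Get-DnsClientServerAddress -AddressFamily ipv4 |
#     Select-Object -ExpandProperty ServerAddresses' | render_resolv_conf | sudo tee /etc/resolv.conf
```

WSL regenerates /etc/resolv.conf on startup unless generateResolvConf = false is set under [network] in /etc/wsl.conf, so a manual edit does not persist without that setting.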
This is a script implementing automation of the above: https://gist.github.com/machuu/7663aa653828d81efbc2aaad6e3b1431 (revised fork https://gist.github.com/vmiko/5f5e894bee5fb36cf836c5312b06bdb2). I added some advice:
Thanks for your corrections to the original gist; I have been googling this since WSL2 came out!
%HOMEPATH% seems to be resolved not to the regular user's home but to the elevated user's. So under "Add arguments:" I am using
-NoProfile -ExecutionPolicy Bypass -File C:\Users\regularuser\Documents\PowerShell\UpdateAnyConnectInterfaceMetric.ps1
I also check "Independent from user logon" in the very same dialog.
I also applied this as suggested in one of the [wsl2-issue]-tagged articles (microsoft/WSL#1350 (comment)):
Disable-NetAdapterBinding -Name "Mobilfunk" -ComponentID ms_tcpip6 -PassThru
Disable-NetAdapterBinding -Name "vEthernet (WSL)" -ComponentID ms_tcpip6 -PassThru
Disable-NetAdapterBinding -Name "vEthernet (Default Switch)" -ComponentID ms_tcpip6 -PassThru
This gets you the DNS servers: Get-DnsClientServerAddress -AddressFamily ipv4 | Select-Object -ExpandProperty ServerAddresses
Also very important for NixOS users: https://github.com/nix-community/NixOS-WSL/commit/9eea29cf18310dedba1c1cd73f8a38a637966ec1. This commit lists, i.e., modules/wsl-distro.nix, where certain services are disabled on purpose and a default wsl.conf is written.
This is an interesting way to solve the issue that a service started in WSL2 is not visible from the host's browser (my use case was org-web): https://stackoverflow.com/questions/61002681/connecting-to-wsl2-server-via-local-network