adding a static route on a remote vpn client connection

Sep 2nd, 2007

Is it possible to add a static route for my remote VPN clients so that when they tunnel through my network they can still access an extra subnet in my network?


Currently I have two subnets in my network. One has a full tunnel client-to-site VPN connection, and now we have this need to allow users to be able to access the other subnet that we have in the network.


If this is possible, how do I go about it?


Thanks

OperationsCisco Fri, 12/20/2013 - 21:54

Did Cisco support ever answer your question?  I have a similar issue and cannot seem to get a clear answer to it.

zalkurdi Sat, 12/21/2013 - 03:12
User Badges: Cisco Employee

Hello,


If I understood you correctly, you want VPN clients to access an extra network behind the Firewall or router. Correct?

If that is the case, on the firewall or router, you need to add a standard access list with the source IP being the internal networks that you want to access through the tunnel from the clients. Then you need to go under the group policy and create a split tunnel list using the ACL you created before.


Like so:

ciscoasa(config)#group-policy  attributes
ciscoasa(config-group-policy)#

Specify the split tunnel policy. In this case the policy is tunnelspecified.

ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified

Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.

ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List


This way you tell the VPN client, in order to access those networks, use the VPN tunnel.

Hope this helps.
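
An added example, not part of the original post and not Cisco's own code: a Python check that reads a running-config style excerpt and reports whether a subnet is sent through the tunnel under a given group policy. The policy names, ACL entries and subnets in the sample are constructed assumptions, and `parse` and `tunneled` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample excerpt: policy names, ACL entries and subnets are assumptions.
SAMPLE_CONFIG = """\
access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0
access-list Split_Tunnel_List standard permit 10.0.2.0 255.255.255.0
group-policy EXAMPLE_POLICY attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List
group-policy FULL_TUNNEL attributes
 split-tunnel-policy tunnelall
"""

ACL_RE = re.compile(r"^access-list (\S+) standard permit (\S+) (\S+)$")

def parse(config):
    """Return (acls, policies) parsed from an ASA config excerpt."""
    acls, policies, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, net, mask = m.groups()
            cidr = f"{mask}/32" if net == "host" else f"{net}/{mask}"
            acls.setdefault(name, []).append(ipaddress.ip_network(cidr))
        elif line.startswith("group-policy ") and line.endswith(" attributes"):
            current = policies.setdefault(line.split()[1], {})
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the group-policy block
        elif current is not None and line.startswith("split-tunnel-policy "):
            current["policy"] = line.split()[1]
        elif current is not None and line.startswith("split-tunnel-network-list value "):
            current["acl"] = line.split()[2]
    return acls, policies

def tunneled(config, policy_name, subnet):
    """True if traffic to subnet goes through the tunnel for this group policy."""
    acls, policies = parse(config)
    pol = policies[policy_name]
    mode = pol.get("policy", "tunnelall")  # with no policy set, all traffic is tunneled
    if mode == "tunnelall":
        return True
    if mode != "tunnelspecified":
        raise ValueError(f"unhandled split-tunnel-policy: {mode}")
    target = ipaddress.ip_network(subnet)
    nets = acls.get(pol.get("acl"), [])  # a missing or undefined ACL covers nothing
    return any(target.subnet_of(n) for n in nets)
```

With `tunnelspecified`, only the listed networks use the tunnel; all other client traffic leaves through the client's local connection and does not pass through the firewall.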
