
adding a static route on a remote vpn client connection

brianbono
Level 1

Is it possible to add a static route for my remote VPN clients so that when they tunnel through my network they can still access an extra subnet in my network?

Currently I have two subnets in my network. One has a full tunnel client-to-site VPN connection and now we have this need to allow users to be able to access the other subnet that we have in the network.

If this is possible, how do I go about it?

Thanks

2 Replies

Jack Kintz
Level 1

Did Cisco support ever answer your question?  I have a similar issue and cannot seem to get a clear answer to it.

zalkurdi
Cisco Employee

Hello,

If I understood you correctly, you want VPN clients to access an extra network behind the Firewall or router. Correct?

If that is the case, on the firewall or router, you need to add a standard access list with the source IP being the internal networks that you want to access through the tunnel from the clients. Then you need to go under the group policy and create a split tunnel list using the ACL you created before.

Like so:

ciscoasa(config)#group-policy  attributes
ciscoasa(config-group-policy)#

Specify the split tunnel policy. In this case the policy is tunnelspecified.

ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified

Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.

ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List

This way you tell the VPN client, in order to access those networks, use the VPN tunnel.

Hope this helps.
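The full sequence described in the reply above, including the standard access list step that the reply gives only in prose. This is an added example, not part of the original post or Cisco's own configuration. The group policy name EXAMPLE_GROUP_POLICY and both subnets (documentation ranges) are placeholders to replace with your own values.

```cisco
! Added example. EXAMPLE_GROUP_POLICY and the 192.0.2.0/24 and
! 198.51.100.0/24 subnets are constructed placeholders.

! 1. Standard ACL listing every internal network the clients must
!    reach through the tunnel. With tunnelspecified, ONLY networks in
!    this list are sent into the tunnel, so the subnet that already
!    works today has to be listed as well as the new one.
access-list Split_Tunnel_List remark Internal networks reachable over the VPN
access-list Split_Tunnel_List standard permit 192.0.2.0 255.255.255.0
access-list Split_Tunnel_List standard permit 198.51.100.0 255.255.255.0

! 2. Attach the list to the group policy used by the VPN clients.
group-policy EXAMPLE_GROUP_POLICY attributes
 ! Changing the policy to tunnelspecified turns a full tunnel into a
 ! split tunnel: traffic to any destination not in the list leaves the
 ! client directly and is no longer inspected or filtered by the ASA.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value Split_Tunnel_List

! 3. Confirm what the ASA will push to clients.
show running-config access-list Split_Tunnel_List
show running-config group-policy EXAMPLE_GROUP_POLICY
```

Clients receive the new network list the next time they connect, so an existing session has to reconnect before the second subnet becomes reachable through the tunnel.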
