09-02-2007 05:01 PM - edited 03-11-2019 04:05 AM
Is it possible to add a static route for my remote VPN clients so that when they tunnel through my network they can still access an extra subnet in my network?
Currently I have two subnets in my network. One has a full tunnel client-to-site VPN connection, and now we have this need to allow users to be able to access the other subnet that we have in the network.
If this is possible, how do I go about it?
Thanks
12-20-2013 09:54 PM
Did Cisco support ever answer your question? I have a similar issue and cannot seem to get a clear answer to it.
12-21-2013 03:12 AM
Hello,
If I understood you correctly, you want VPN clients to access an extra network behind the Firewall or router. Correct?
If that is the case, on the firewall or router, you need to add a standard access list with the source IP being the internal networks that you want to access through the tunnel from the clients. Then you need to go under the group policy and create a split tunnel list using the ACL you created before.
Like so:
ciscoasa(config)#group-policy <group-policy-name> attributes
ciscoasa(config-group-policy)#
Specify the split tunnel policy. In this case the policy is tunnelspecified.
ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified
Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.
ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List
This way you tell the VPN client, in order to access those networks, use the VPN tunnel.
Hope this helps.
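The steps in the reply above, written out as one ASA configuration, including the standard access list that the reply describes but does not show. This is an added example, not part of the original post: the group policy name EXAMPLE_GP and both subnets are constructed placeholders. With tunnelspecified, only the networks in the list are sent through the tunnel and all other client traffic leaves the client directly, outside the firewall's inspection.

```cisco
! Added example. EXAMPLE_GP, 192.168.10.0/24 and 192.168.20.0/24 are
! constructed placeholders; substitute your own group policy and subnets.

! Standard ACL naming the internal networks that clients must reach
! through the tunnel. List each internal subnet explicitly and keep the
! list as narrow as the access requirement allows.
access-list Split_Tunnel_List standard permit 192.168.10.0 255.255.255.0
access-list Split_Tunnel_List standard permit 192.168.20.0 255.255.255.0

! Attach the list to the group policy used by the remote access clients.
group-policy EXAMPLE_GP attributes
 ! Tunnel only the networks named in the split tunnel list.
 split-tunnel-policy tunnelspecified
 ! Name of the ACL defined above.
 split-tunnel-network-list value Split_Tunnel_List

! Check what was applied.
show running-config access-list Split_Tunnel_List
show running-config group-policy EXAMPLE_GP
```

Clients pick up a changed split tunnel list the next time they connect.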