ASA Routing-Problem: SSL-VPN not on default-interface?

Dec 12th, 2007

Hi there,

I have got an ASA 5510 with IOS 7.0.7.

The ASA has two external connections:

- External VLAN 5

- External VLAN 225 (default route points to the next router)

Now I try to connect with an SSL-VPN to the IP bound on VLAN 5. This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.

I think it's a routing-problem on the ASA.

Right?

Is there something like "source-routing"?

Thanks for the help.

Marc

marcbujack Sat, 12/22/2007 - 08:35

Hi,

there is no problem with the VLAN. The outside ASA-interface and the connected Switch-Port is configured as a trunk. The Switchports to the routers are configured in the matching VLANs.

Ping from the ASA to the routers works fine.

It seems to be a routing-problem. The incoming data-traffic on VLAN5 leaves the ASA on VLAN225 (default route).

Any ideas to solve the problem?

Regards Marc

Jason Gervia Tue, 01/15/2008 - 05:51

Please post your configuration and we'll be able to help further.

--Jason

marcbujack Thu, 02/21/2008 - 06:31

Hi,

here is the configuration.

Hope all necessary information is included.

interface Ethernet0/0.5
 description VLAN zum Router
 vlan 5
 nameif outside.5
 security-level 0
 ip address x.x.x.5 255.255.255.248
!
interface Ethernet0/0.225
 description VLAN zum Default-Router
 vlan 225
 nameif outside.225
 security-level 0
 ip address x.x.x.225 255.255.255.248
!
ip local pool vpn-pool 10.1.1.1-10.1.1.255 mask 255.255.255.0
!
access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 10.1.1.0 255.255.255.0
!
nat (inside) 0 access-list NONAT
!
route outside.225 0.0.0.0 0.0.0.0 x.x.x.230 1
!
crypto isakmp enable outside.225
!
group-policy Webvpn-Policy internal
group-policy Webvpn-Policy attributes
 wins-server value 172.16.0.100
 dns-server value 172.16.0.100
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value local
 webvpn
  svc required
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc dpd-interval client 500
  svc dpd-interval gateway 500
