ASA Routing-Problem: SSL-VPN not on default-interface?

Unanswered Question
Dec 12th, 2007
Hi there,

I have got an ASA 5510 with IOS 7.0.7.

The ASA has two external connections:

- External VLAN 5

- External VLAN 225 (default route points to the next router)

Now I try to connect with an SSL-VPN to the IP bound on VLAN 5. This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.

I think it's a routing-problem on the ASA.


Is there something like "source-routing"?

Thanks for help.


marcbujack Sat, 12/22/2007 - 08:35
There is no problem with the VLAN. The outside ASA interface and the connected switch port are configured as a trunk. The switch ports to the routers are configured in the matching VLANs.

Ping from the ASA to the routers works fine.

It seems to be a routing problem. The incoming data traffic on VLAN5 leaves the ASA on VLAN225 (default route).

Any ideas to solve the problem?

Regards Marc

Jason Gervia Tue, 01/15/2008 - 05:51
User Badges: Cisco Employee

Please post your configuration and we'll be able to help further.


marcbujack Thu, 02/21/2008 - 06:31
Here is the configuration.

Hope all necessary information is included.

interface Ethernet0/0.5
 description VLAN zum Router
 vlan 5
 nameif outside.5
 security-level 0
 ip address x.x.x.5

interface Ethernet0/0.225
 description VLAN zum Default-Router
 vlan 225
 nameif outside.225
 security-level 0
 ip address x.x.x.225

ip local pool vpn-pool mask

access-list NONAT extended permit ip

nat (inside) 0 access-list NONAT

route outside.225 x.x.x.230 1

crypto isakmp enable outside.225

group-policy Webvpn-Policy internal
group-policy Webvpn-Policy attributes
 wins-server value
 dns-server value
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value local

svc required
svc keep-installer installed
svc rekey time 30
svc rekey method ssl
svc dpd-interval client 500
svc dpd-interval gateway 500
