
ASA Routing-Problem: SSL-VPN not on default-interface?

marcbujack
Level 1

Hi there,

I have got an ASA 5510 with IOS 7.0.7.

The ASA has two external connections:

- External VLAN 5

- External VLAN 225 (default route points to the next router)

Now I try to connect with an SSL-VPN to the IP bound on VLAN 5. This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.

I think it's a routing-problem on the ASA.

Right?

Is there something like "source-routing"?

Thanks for help.

Marc

4 Replies

irisrios
Level 6

If you have any trunk ports from the switch to the ASA, make sure VLAN 5 is allowed on that port and ensure that there is a layer 3 device with an IP address configured in this VLAN. Refer to this URL for configuring the switch: http://cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/ifcs5505.html#wp1051654

Hi,

there is no problem with the VLAN. The outside ASA interface and the connected switch port are configured as a trunk. The switch ports to the routers are configured in the matching VLANs.

Ping from the ASA to the routers works fine.

It seems to be a routing problem. The incoming data traffic on VLAN5 leaves the ASA on VLAN225 (default route).

Any ideas to solve the problem?

Regards Marc

Please post your configuration and we'll be able to help further.

--Jason

Hi,

here is the configuration.

Hope all necessary information is included.

interface Ethernet0/0.5
 description VLAN zum Router
 vlan 5
 nameif outside.5
 security-level 0
 ip address x.x.x.5 255.255.255.248
!
interface Ethernet0/0.225
 description VLAN zum Default-Router
 vlan 225
 nameif outside.225
 security-level 0
 ip address x.x.x.225 255.255.255.248
!
ip local pool vpn-pool 10.1.1.1-10.1.1.255 mask 255.255.255.0
!
access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 10.1.1.0 255.255.255.0
!
nat (inside) 0 access-list NONAT
!
route outside.225 0.0.0.0 0.0.0.0 x.x.x.230 1
!
crypto isakmp enable outside.225
!
group-policy Webvpn-Policy internal
group-policy Webvpn-Policy attributes
 wins-server value 172.16.0.100
 dns-server value 172.16.0.100
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value local
 webvpn
  svc required
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc dpd-interval client 500
  svc dpd-interval gateway 500
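
The return-path mismatch described in this thread (traffic arriving on VLAN 5 while replies follow the default route out of VLAN 225), shown as an added example that is not part of the thread or of any poster's configuration. It assumes the reply interface is chosen by a plain longest-prefix lookup over connected subnets and static routes; the masked x.x.x.* addresses are replaced with constructed RFC 5737 documentation addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the posted config: the real addresses are masked
# (x.x.x.*) on the page, so documentation addresses are substituted here.
SAMPLE_CONFIG = """\
interface Ethernet0/0.5
 nameif outside.5
 ip address 192.0.2.5 255.255.255.248
!
interface Ethernet0/0.225
 nameif outside.225
 ip address 192.0.2.225 255.255.255.248
!
route outside.225 0.0.0.0 0.0.0.0 192.0.2.230 1
"""

def parse_routes(config):
    """Return (network, interface) pairs: connected subnets plus static routes."""
    routes, nameif = [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            nameif = None                      # new interface block starts
        elif words[:1] == ["nameif"]:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif:
            # strict=False: the config gives a host address, not the subnet base
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            routes.append((net, nameif))
        elif words[:1] == ["route"]:
            # route <nameif> <network> <mask> <gateway> [metric]
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, words[1]))
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match: the interface a packet to dest would leave on."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, ifc) for net, ifc in routes if addr in net]
    return max(matches)[1] if matches else None

def is_asymmetric(routes, ingress, client):
    """True when replies to client would leave on a different interface."""
    return egress_interface(routes, client) != ingress

if __name__ == "__main__":
    table = parse_routes(SAMPLE_CONFIG)
    client = "198.51.100.20"                   # constructed remote VPN client
    for ingress in ("outside.5", "outside.225"):
        print(ingress, "->", egress_interface(table, client),
              "asymmetric" if is_asymmetric(table, ingress, client) else "symmetric")
```

Only a client whose address falls inside a connected subnet or a more specific route on outside.5 gets a symmetric path in this model; every other remote client matches the single default route on outside.225.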
