02-21-2008 08:17 PM
I have an ASA 5510 terminating a remote access VPN using Cisco VPN client 4 and 5. Recently I have been advised that users are having trouble accessing network shares and I have found that the default gateway assigned to remote clients is invalid. The address pool for remote clients is x.x.1.235 - x.x.1.250. When I connect to the VPN and do an ipconfig I get a default-gateway of x.x.0.1. This address is part of our network but is a server and not a router. I am unable to find a command to set the default-gateway for remote access clients. Once I manually change the default-gateway everything seems to work. The problem is that users do not have admin rights to their PCs so are unable to change the default gateway. Where is this default-gateway being assigned to the address pool and how do I specify what default-gateway remote clients should receive?
02-21-2008 09:28 PM
Use of split-tunneling should fix your problem.
Create an ACL to specify VPN networks:
access-list networks_accessible_VPN standard permit x.x.x.x mask (vpn networks)
Use your VPN similar to below and add split tunnel functionality using the above ACL:
group-policy remote_vpn_users attributes
 banner none
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value networks_accessible_VPN
Traffic in the above ACL will be encrypted and use the VPN tunnel.
All traffic will use your default gateway unencrypted and unaffected by tunnel traffic.
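The split-tunnel behaviour described in the reply above, as an added example that is not part of the original thread: a Python script that reads standard ACL `permit` lines and reports whether a given destination would be sent through the tunnel or out the client's local gateway in the clear. The networks and addresses are constructed sample values (the thread masks its real ones), and the parser assumes only `permit` entries in `host` or network/mask form.

```python
import ipaddress
import re

# Constructed sample ACL; the thread does not show its real networks.
SAMPLE_ACL = """\
access-list networks_accessible_VPN standard permit 10.20.0.0 255.255.254.0
access-list networks_accessible_VPN standard permit host 10.30.5.10
access-list other_acl standard permit 192.168.50.0 255.255.255.0
"""

# Matches "access-list NAME standard permit host IP" or "... permit NET MASK".
_LINE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+standard\s+permit\s+"
    r"(?:host\s+(?P<host>\S+)|(?P<net>\S+)\s+(?P<mask>\S+))\s*$"
)


def tunneled_networks(config, acl_name):
    """Return the networks that the named split-tunnel ACL sends into the VPN."""
    nets = []
    for line in config.splitlines():
        m = _LINE.match(line.strip())
        if not m or m.group("name") != acl_name:
            continue  # other ACLs and unsupported forms are skipped (assumption)
        if m.group("host"):
            nets.append(ipaddress.ip_network(m.group("host") + "/32"))
        else:
            nets.append(ipaddress.ip_network(f"{m.group('net')}/{m.group('mask')}"))
    return nets


def path_for(destination, nets):
    """'tunnel' if the destination is in a listed network, else 'local-gateway'."""
    addr = ipaddress.ip_address(destination)
    return "tunnel" if any(addr in n for n in nets) else "local-gateway"


if __name__ == "__main__":
    nets = tunneled_networks(SAMPLE_ACL, "networks_accessible_VPN")
    for dest in ("10.20.1.77", "10.30.5.10", "10.30.5.11", "192.168.50.4"):
        print(f"{dest:15} -> {path_for(dest, nets)}")
```

Running a list of internal servers through this kind of check before deploying the ACL shows which ones would be left outside the tunnel and therefore reached, if at all, without VPN encryption.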
02-26-2008 09:26 AM
That seemed to fix the problem. Thank you for your help.
02-25-2008 08:58 PM
Hi,
When you do an ipconfig on the client, how many adapters and how many default gateways do you have? Do you have a default gateway for the cisco vpn adapter and the ethernet adapter?
Thanks
John