Getting wrong default-gateway on vpn client

Unanswered Question
Jan 28th, 2010

There has been other threads on this subject, but either it was unanswered or the user fixed it and the solution doesn't apply here.

The ASA is configured to hand off an IP from an internal DHCP server.  The client gets the IP and the gate way should be set to itself, however it gets set to x.x.x.1.  x.x.x.1 is no where to be found on the ASA.  I am pasting the relevent config if it helps.  Thanks,  Tom

interface Ethernet0/0
speed 100
duplex full
nameif INTERNAL
security-level 100
ip address 10.16.16.25 255.255.254.0
!
interface Ethernet0/1
speed 100
duplex full
nameif EXTERNAL
security-level 0
ip address y.y.y.y 255.255.255.192

same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network All_Brazil
network-object 10.16.0.0 255.255.0.0
network-object 10.17.0.0 255.255.0.0
access-list EXTERNAL_access_in extended permit ip 10.16.0.0 255.255.0.0 any
access-list EXTERNAL_access_in extended permit icmp any any
access-list INTERNAL_nat_outbound extended permit ip object-group All_Brazil any
access-list EXTERNAL_nat0_outbound extended permit ip 10.16.16.0 255.255.254.0 10.16.16.0 255.255.254.0
access-list INTERNAL_nat0_outbound extended permit ip any 10.16.16.0 255.255.254.0
global (EXTERNAL) 1 interface
nat (INTERNAL) 0 access-list INTERNAL_nat0_outbound
nat (INTERNAL) 1 access-list INTERNAL_nat_outbound
nat (EXTERNAL) 0 access-list EXTERNAL_nat0_outbound
nat (EXTERNAL) 1 10.16.16.0 255.255.254.0
access-group EXTERNAL_access_in in interface EXTERNAL
route EXTERNAL 0.0.0.0 0.0.0.0 200.245.75.129 1
route INTERNAL 10.0.0.0 255.0.0.0 10.16.16.7 1
route INTERNAL 172.16.0.0 255.240.0.0 10.16.16.7 1
route INTERNAL 192.168.0.0 255.255.0.0 10.16.16.7 1


group-policy ABC_SA internal
group-policy ABC_SA attributes
wins-server value 10.16.16.40 10.16.16.41
dns-server value 10.16.16.40 10.16.16.41
dhcp-network-scope none
vpn-tunnel-protocol IPSec
default-domain value alcan.com

tunnel-group ABC_SA type remote-access
tunnel-group ABC_SA general-attributes
authentication-server-group SDI
default-group-policy ABC_SA
dhcp-server 10.16.16.41
dhcp-server 10.16.16.40
tunnel-group ABC_SA ipsec-attributes
pre-shared-key *

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion