Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1401
Views
0
Helpful
4
Replies

ASA 5510 Address Assignment

Go to solution
gaigl
Level 3
Level 3

‎05-21-2012 05:51 AM

Hello,

I've got an ASA5510 which should assign an address from a local pool to the client, address-pool is e.g. 192.168.239.5-192.168.239.250, mask 255.255.255.255. the pool is assigned via Group-Policy. The Client is AnyConnect 3.0.4235

If the client connects, he gets an address 192.168.239.9(preferred) but in the Windows Network-Config the Default-Gateway is 192.168.239.11 (most time one higher than the Client-Address!!!???

shouldn't the Gateway address be the same than the Client-Address?

anyway the Client can't find a Route to the Inside Networks.

I tried to assign the address via Connection Profile (Tunnel-Group) but with the same Result

The inside Networks are complete other Address-Space, so the Addresses from the Pool are virtual Addresses.

Any Hints?

Thanks

Karl

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎05-21-2012 06:04 AM

Default gateway assigned should be fine as it will just send traffic destined towards the VPN tunnel towards the tunnel.

Do you have split tunnel configured? If not, please configure split tunnel policy and split tunnel ACL.

If you do not want to configure split tunnel, then just configure the split tunnel policy.

Pls share your configuration if you don't know how to configure it.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee

‎05-21-2012 06:04 AM

Default gateway assigned should be fine as it will just send traffic destined towards the VPN tunnel towards the tunnel.

Do you have split tunnel configured? If not, please configure split tunnel policy and split tunnel ACL.

If you do not want to configure split tunnel, then just configure the split tunnel policy.

Pls share your configuration if you don't know how to configure it.

0 Helpful

Go to solution
gaigl
Level 3
Level 3
In response to Jennifer Halim

‎05-21-2012 07:01 AM

Hello Jennifer,

thank you for your advice, but I've now tried to configure split-tunnel (ACE with my internal networks) and I think I've tried all possibilitys: no success.

I think there is any other (simple) problem, that I don't see.

I'm sure I've already managed it, but now there is some testing with a Radius-Config, which works, but not the Tunnel.

0 Helpful

Go to solution
Jennifer Halim
Cisco Employee
Cisco Employee
In response to gaigl

‎05-22-2012 04:12 AM

can you please share your config so we can have a look at what might be the issue. thx

0 Helpful

Go to solution
gaigl
Level 3
Level 3
In response to Jennifer Halim

‎05-22-2012 06:26 AM

Sorry, i've found the real Problem:

an Access-List blocking udp, shame on me.

but anyway I learned a lot about "Split-Tunneling". Now everything is fine.

(I knew, it is a very simple Problem)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents