Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA Routing-Problem: SSL-VPN not on default-interface?

Hi there,

I have got an ASA 5510 with IOS 7.0.7.

The ASA has two external connections:

- External VLAN 5

- External VLAN 225 (default route points to the next router)

Now i try to connect with a SSL-VPN to the IP, bound on VLAN 5.This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.

I think it's a routing-problem on the ASA.


Is there something like "source-routing"?

Thanx for help.



Re: ASA Routing-Problem: SSL-VPN not on default-interface?

If you have any trunk ports from Switch to ASA make sure VLAN 5 is allowed on that port and ensure that there is a layer 3 device with an ip address configured in this VLAN. Refer URL for configuring the switch

New Member

Re: ASA Routing-Problem: SSL-VPN not on default-interface?


there is no problem with the VLAN. The outside ASA-interface and the connected Switch-Port is configured as a trunk. The Switchports to the routers are configured in the matching VLANs.

Ping from the ASA to the routers works fine.

It seems to be a routing-problem. The incomming data-traffic on VLAN5 leaves the ASA von VLAN225 (default route).

Any ideas to solve the problem?

Regards Marc

Cisco Employee

Re: ASA Routing-Problem: SSL-VPN not on default-interface?

Please post your configuration and we'll be able to help further.


New Member

Re: ASA Routing-Problem: SSL-VPN not on default-interface?


here is the configuration.

Hope, all neccessary information is included.

interface Ethernet0/0.5

description VLAN zum Router

vlan 5

nameif outside.5

security-level 0

ip address x.x.x.5


interface Ethernet0/0.225

description VLAN zum Default-Router

vlan 225

nameif outside.225

security-level 0

ip address x.x.x.225


ip local pool vpn-pool mask


access-list NONAT extended permit ip


nat (inside) 0 access-list NONAT


route outside.225 x.x.x.230 1


crypto isakmp enable outside.225


group-policy Webvpn-Policy internal

group-policy Webvpn-Policy attributes

wins-server value

dns-server value

vpn-tunnel-protocol IPSec l2tp-ipsec webvpn

default-domain value local


svc required

svc keep-installer installed

svc rekey time 30

svc rekey method ssl

svc dpd-interval client 500

svc dpd-interval gateway 500