Cisco Support Community

New Member

ASA Routing-Problem: SSL-VPN not on default-interface?

Hi there,

I have got an ASA 5510 with IOS 7.0.7.

The ASA has two external connections:

- External VLAN 5

- External VLAN 225 (default route points to the next router)

Now I try to connect with an SSL-VPN to the IP bound on VLAN 5. This does not work. If I configure the VPN on VLAN 225 and connect to it, it works fine.

I think it's a routing problem on the ASA.

Right?

Is there something like "source-routing"?

Thanks for the help.

Marc

4 REPLIES
Silver

Re: ASA Routing-Problem: SSL-VPN not on default-interface?

If you have any trunk ports from the switch to the ASA, make sure VLAN 5 is allowed on that port and ensure that there is a layer 3 device with an IP address configured in this VLAN. Refer to this URL for configuring the switch: http://cisco.com/en/US/docs/security/asa/asa80/asdm60/user/guide/ifcs5505.html#wp1051654

New Member

Re: ASA Routing-Problem: SSL-VPN not on default-interface?

Hi,

There is no problem with the VLAN. The outside ASA interface and the connected switch port are configured as a trunk. The switch ports to the routers are configured in the matching VLANs.

Ping from the ASA to the routers works fine.

It seems to be a routing problem. The incoming data traffic on VLAN 5 leaves the ASA on VLAN 225 (default route).

Any ideas to solve the problem?

Regards Marc

Cisco Employee

Re: ASA Routing-Problem: SSL-VPN not on default-interface?

Please post your configuration and we'll be able to help further.

--Jason

New Member

Re: ASA Routing-Problem: SSL-VPN not on default-interface?

Hi,

Here is the configuration.

Hope all necessary information is included.

interface Ethernet0/0.5
 description VLAN zum Router
 vlan 5
 nameif outside.5
 security-level 0
 ip address x.x.x.5 255.255.255.248
!
interface Ethernet0/0.225
 description VLAN zum Default-Router
 vlan 225
 nameif outside.225
 security-level 0
 ip address x.x.x.225 255.255.255.248
!
ip local pool vpn-pool 10.1.1.1-10.1.1.255 mask 255.255.255.0
!
access-list NONAT extended permit ip 172.16.0.0 255.255.255.0 10.1.1.0 255.255.255.0
!
nat (inside) 0 access-list NONAT
!
route outside.225 0.0.0.0 0.0.0.0 x.x.x.230 1
!
crypto isakmp enable outside.225
!
group-policy Webvpn-Policy internal
group-policy Webvpn-Policy attributes
 wins-server value 172.16.0.100
 dns-server value 172.16.0.100
 vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
 default-domain value local
 webvpn
  svc required
  svc keep-installer installed
  svc rekey time 30
  svc rekey method ssl
  svc dpd-interval client 500
  svc dpd-interval gateway 500
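The routing hypothesis raised in the thread (a client connects to the VLAN 5 address, but the reply follows the default route out of VLAN 225), worked through as an added example that is not part of any post above. It models plain destination-based longest-prefix-match routing over the posted interface and route lines, not ASA internals; the addresses replacing the masked `x.x.x` octets and the client IP are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the thread's interface/route lines with the masked
# "x.x.x" octets replaced by documentation-range addresses (assumption).
SAMPLE_CONFIG = """\
interface Ethernet0/0.5
 nameif outside.5
 ip address 192.0.2.5 255.255.255.248
interface Ethernet0/0.225
 nameif outside.225
 ip address 198.51.100.225 255.255.255.248
route outside.225 0.0.0.0 0.0.0.0 198.51.100.230 1
"""

def parse_config(text):
    """Return (network, nameif, kind) entries from interface and route lines."""
    table, nameif = [], None
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "interface":
            nameif = None  # a new interface block starts
        elif words[0] == "nameif":
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            table.append((net, nameif, "connected"))
        elif words[0] == "route":
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            table.append((net, words[1], "static"))
    return table

def egress_for(dest, table):
    """Longest-prefix match: the interface a packet to `dest` would leave on."""
    dest = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, nameif) for net, nameif, _ in table if dest in net]
    return max(matches)[1] if matches else None

def return_path(listen_if, client_ip, table):
    """Compare the interface the client connected to with the reply's egress."""
    egress = egress_for(client_ip, table)
    return {"ingress": listen_if, "egress": egress, "symmetric": egress == listen_if}

if __name__ == "__main__":
    table = parse_config(SAMPLE_CONFIG)
    for listen_if in ("outside.5", "outside.225"):
        print(return_path(listen_if, "203.0.113.50", table))
```

With only the default route present, every off-link client resolves to `outside.225`, so only a session terminated on that interface has a symmetric return path in this model.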
