Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco ASA5505 VPN Remote Client Connectivity

I have an ASA 5505 that has been configured for dual ISP failover and remote access vpn. The remote clients are able to connect to the ASA and tunnel gets established but they are unable to ping anything in the inside network or go to the Internet through the ASA.

 

The remote clients are getting a default gateway that does not exist on the ASA anywhere. I want the defaut gateway to be inside interface of the ASA for the remote clients.

 

Here are the IP config of the remote client.

IP Address: 10.31.111.10

Subnet Mask: 255.255.255.0

Gateway: 10.31.111.1  <--------------------  this does not exist anywhere on the ASA

 

The Inside interface on the ASA is the default gateway of the Internal network. I have configured access-lists to allow VPN space to talk to the Internal network and configured the two networks as NAT Exampt.

Has anyone ran into an issue like this?

You prompt response is much appreciated.

 

Thanks,

 

Muhammad

 

 

1 REPLY
Hall of Fame Super Silver

What type of VPN are you

What type of VPN are you using? Normally on a modern SSL VPN (AnyConnect client), there is not a default gateway handed out to the client. Instead, the inside routes of the ASA are passed to the client (consistent with the tunneling policy configured - all networks or those specified) and installed in the client's routing table. The gateway used by the ASA will also be used by the remote access VPN client.

You normally don't need an access-list entry because the VPN users generally bypass the pre-configured access-list.

29
Views
0
Helpful
1
Replies