
Cisco ASA5505 VPN Remote Client Connectivity

muhammadal1
Level 1

I have an ASA 5505 that has been configured for dual ISP failover and remote access VPN. The remote clients are able to connect to the ASA and the tunnel gets established, but they are unable to ping anything in the inside network or go to the Internet through the ASA.

 

The remote clients are getting a default gateway that does not exist on the ASA anywhere. I want the default gateway to be the inside interface of the ASA for the remote clients.

 

Here is the IP config of the remote client.

IP Address: 10.31.111.10

Subnet Mask: 255.255.255.0

Gateway: 10.31.111.1  <--------------------  this does not exist anywhere on the ASA

 

The Inside interface on the ASA is the default gateway of the Internal network. I have configured access-lists to allow VPN space to talk to the Internal network and configured the two networks as NAT exempt.

Has anyone run into an issue like this?

Your prompt response is much appreciated.

 

Thanks,

 

Muhammad

 

 


Marvin Rhoads
Hall of Fame

What type of VPN are you using? Normally on a modern SSL VPN (AnyConnect client), there is not a default gateway handed out to the client. Instead, the inside routes of the ASA are passed to the client (consistent with the tunneling policy configured - all networks or those specified) and installed in the client's routing table. The gateway used by the ASA will also be used by the remote access VPN client.

You normally don't need an access-list entry because the VPN users generally bypass the pre-configured access-list.
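
The pieces discussed in this thread (NAT exemption for the VPN pool, the tunneling policy that decides which routes the client installs, and the access-list bypass for VPN traffic), as an added configuration sketch that is not from either poster or from the original device. It assumes ASA 8.3+ NAT syntax and interfaces named `inside` and `outside`; the inside subnet 192.168.1.0/24 and the names INSIDE-NET, VPN-POOL, SPLIT-TUNNEL, VPN-FILTER and RA-POLICY are hypothetical, and only the 10.31.111.0/24 pool comes from the question.

```cisco
! Added example with constructed values; adapt names and subnets to the real device.
! Assumed: ASA 8.3+ syntax, interfaces "inside"/"outside", inside LAN 192.168.1.0/24.
! 10.31.111.0/24 is the client address range shown in the question.

object network INSIDE-NET
 subnet 192.168.1.0 255.255.255.0
object network VPN-POOL
 subnet 10.31.111.0 255.255.255.0

! NAT exemption (identity NAT) between the inside LAN and the VPN pool.
! route-lookup keeps the egress interface decision with the routing table.
! On a dual-ISP ASA the same rule is needed for the second outside interface.
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static VPN-POOL VPN-POOL no-proxy-arp route-lookup

! Tunneling policy: networks listed here are pushed to the client as routes.
! No default gateway is handed out; the client installs these routes instead.
access-list SPLIT-TUNNEL standard permit 192.168.1.0 255.255.255.0

! Default behaviour: decrypted VPN traffic bypasses interface access-lists.
! Confirm the current state with: show running-config all sysopt
sysopt connection permit-vpn

! Because interface ACLs are bypassed, restrict VPN users per group instead.
! vpn-filter ACLs are written as: source = remote (pool), destination = local.
access-list VPN-FILTER extended permit ip 10.31.111.0 255.255.255.0 192.168.1.0 255.255.255.0

group-policy RA-POLICY internal
group-policy RA-POLICY attributes
 ! tunnelspecified = split tunnel; tunnelall sends all client traffic to the ASA
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT-TUNNEL
 vpn-filter value VPN-FILTER

! Check the return path from an inside host (constructed address) to a client:
! packet-tracer input inside icmp 192.168.1.10 8 0 10.31.111.10 detailed
```

With `sysopt connection permit-vpn` enabled, the `vpn-filter` ACL is the control that limits what connected clients can reach, so it should list only the inside destinations they need.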
