Hello everyone!

I'm trying to use Cisco ASA 5510 with IOS 9.1(2) and I faced with one big problem: when any client connect to Remote Access VPN and receive IP address my ASA thinks that IP packets from this client should go via it's default gateway, For example, if OSPF neighbour and default gateway is 10.1.2.2/30 and IP of my cisco is 10.1.2.1/30 and client's IP is 172.16.15.223 I see this route in my routing table:

S 172.16.15.223 255.255.255.255 [1/0] via 10.1.2.2

I switched on reverse route injection, I include VPN network to OSPF advirtismets. But when I set up route summarization - I get route:

O EX 172.168.15.0 255.255.255.0 [110/30] via 10.2.2.1 xx:xx:xx vlan X

on my router, but ASA made the same route as I wrote above.

Does anybody can Help what the problem is?

My configuration is:

!

access-list redistribute standard permit 172.16.15.0 255.255.255.0

access-list filter-default-static-route remark filter static default route from OSPF Redistribution

access-list filter-default-static-route standard deny host 0.0.0.0

access-list filter-default-static-route standard permit 172.16.15.0 255.255.255.0

!

route-map vpn-routes permit 10

match ip address filter-default-static-route

!

route-map vpn-routes permit 20

match interface outside

set metric-type type-2

!

route-map redistribute-map permit 1

match ip address redistribute

!

!

router ospf 1

network 172.16.15.0 255.255.255.0 area 5

network 82.179.131.116 255.255.255.252 area 5

area 5 range 172.16.15.0 255.255.255.0

log-adj-changes

redistribute connected

redistribute static subnets route-map vpn-routes

summary-address172.16.15.0 255.255.255.0

!

!

crypto dynamic-map TEST_DYN_MAP 7 set ikev1 transform-set ESP-3DES-SHA

crypto dynamic-map TEST_DYN_MAP 7 set ikev2 ipsec-proposal 3DES

crypto dynamic-map TEST_DYN_MAP 7 set nat-t-disable

crypto dynamic-map TEST_DYN_MAP 7 set reverse-route

!

!

crypto map outside_map 65535 ipsec-isakmp dynamic TEST_DYN_MAP

crypto map outside_map interface outside

!

!