We are using cisco ASA 5510 and we provide VPN access to external users through cisco anyconnect. When users get connected they can access to only one subnet. How can we enable route to another subnet in CLI or ASDM?
This might have nothing to do with actual routing but your VPN configurations.
At the moment you have not provided enough information for us to give you a specific answer. It would be best if you could describe what kind of network you have between the LAN subnets and the VPN device. Does for example all the LAN subnets have a route towards the VPN device for the VPN Pool used?
There are 2 main things to look at when you have a VPN Client connection and connections to some subnets are not working.
Are you using Full Tunnel or Split Tunnel? You can check this from the "group-policy" configuration used for the VPN connection. You can use the command "show run group-policy" to check this on the CLI or you can use the ASDM to find the Group Policy used and check what its Split Tunnel settings are. If you are using Split Tunnel VPN then you will have to configure all the internal subnets in the Split Tunnel ACL for the VPN Client to tunnel traffic to them. If you are using Full Tunnel VPN then you wont have to add subnets to any ACL
Have you configured NAT0 for all the internal subnet you want to access through the VPN Client connection? Even if the above mentioned Split Tunnel configuration includes all the required subnets (or you are using Full Tunnel) you might be missing a NAT0 configuration for some of the internal subnets which blocks connectivity. Make sure you have the correct NAT configurations.
Then there are some more uncommon settings that might cause problems. If you for example are using a VPN Filter ACL you need to allow the traffic in that ACL. Or if you are using the global setting "no sysopt connection permit-vpn" it will mean that you have to allow required traffic in the ACL of the interface to which the user connects with the VPN Client.
So as I said, we need more information to help you or perhaps the above points might help you find the problem in the configurations.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :