Cisco Support Community
Community Member

Route for appliance vs. VPN clients on ASA 5510

Currently we have clients connect into the VPN and are assigned addresses in the range The default route for them is This is on interface Ethernet0/0 (external) with IP

The ASA also has Ethernet0/1 (internal) set up with IP This subnet only exists for communication between the ASA and authentication servers in the range.

The issue I'm having is when VPN clients are connected, I want ALL of their traffic to go out that default route (, however, since there is an interface in the subnet, any traffic from clients trying to access that subnet is forced to go out that internal interface. I don't want that.

The question I have is: is it possible to have the appliance itself route through the "internal" interface for reaching what it needs to reach, but force VPN clients to use only the "external" interface?

Community Member

Hi!

What is the VPN address pool assigned to your VPN clients?

Sounds like what needs to happen is to create a "clientpool" on the device and then route all that traffic to the desired interface...


Hope this helps!

Community Member

The clients are given addresses in the pool

Community Member

Further info for you (had the pool range slightly off):

net-vpn-0(config-if)# show ip local pool VLAN70 
Begin           End             Mask            Free     Held     In use
                                                  71        0        0

Available Addresses:

