Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Route for appliance vs. VPN clients on ASA 5510

Currently we have clients connect into the VPN and are assigned addresses in the range 10.141.40.0/22. The default route for them is 10.141.40.1. This is on interface Ethernet0/0 (external) with IP 10.141.40.40/22.

The ASA also has Ethernet0/1 (internal) setup with IP 10.141.96.40/22. This subnet only exists for communication between the ASA and authentication servers in the 10.141.96.0/22 range.

The issue I'm having is when VPN clients are connected, I want ALL of their traffic to go out that default route (10.141.40.1), however since there is an interface in the 10.141.96.0/22 subnet, any traffic from clients trying to access that subnet are forced to go out that internal interface. I don't want that.

The question I have is is it possible to have the appliance itself route through the "internal" interface for reaching what it needs to reach, but force VPN clients to use only the "external" interface?

Everyone's tags (1)
3 REPLIES
Community Member

Hi!What is the VPN address

Hi!

What is the VPN address pool assigned to your VPN clients?

Sounds like what needs to happen is to create a "clientpool" on the device and then route all that traffic to the desired interface...

 

Hope this helps!

Community Member

The clients are given

The clients are given addresses in the pool 10.141.40.120-10.141.40.220.

Community Member

Further info for you (had the

Further info for you (had the pool range slightly off):

net-vpn-0(config-if)# show ip local pool VLAN70 
Begin           End             Mask            Free     Held     In use
10.141.40.128   10.141.40.198   255.255.252.0      71        0        0

Available Addresses:
10.141.40.128
10.141.40.129
10.141.40.130
10.141.40.131

...

54
Views
0
Helpful
3
Replies
CreatePlease to create content