Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN profile routing

Help. I'm feeling particularly dense today.

I have an ASA 5510 being fed by ACS for authentication and groups.

I have several VPN groups, and I'm trying to determine how the local routes on the VPN client are created. I know it's based on the vpn group becuase clients with different policies get different routes when they login. I know I should know this as I've setup groups before but for some reason this section of my brain wasnt backed up.



Everyone's tags (3)

VPN profile routing

Hi Charlie,

You are not alone, help is on the way.

Please follow the link below, it is called VPN Filter.  You cannot go wrong if you follow the step by step config guide on the link below, CLI and GUI.

Hope that helps.


Rizwan Rafeek.

New Member

VPN profile routing

The ACLs control the IP routes on the client? I have two different profiles that get different default routes, even If I login both profiles from the same machine.  I dont see that from the ACL.

VPN profile routing

"The ACLs control the IP routes on the client?" yes it is ACL does the trick.

"I dont see that from the ACL."  You create different ACL for different profile.

Hope that helps


Rizwan Rafeek

Cisco Employee

VPN profile routing


If you are doing split tunneling that is what controls which routes are pushed to the client.  Take a look to see in your group policy on the ASA and  if you have a 'split-tunnel-policy tunnelspecified' and split-tunnel-network-list.  If you do, the ACL listed with the split-tunnel-network-list is what is controlling the routes.

If you are using external group authentication '(group-policy policyname type external' in the ASA config) then the configuration is in ACS - but it should still reference split tunneling in ACS.


CreatePlease login to create content