https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784279#M964009 <HTML><HEAD></HEAD><BODY><P> Did Cisco support ever answer your question?&nbsp; I have a similar issue and cannot seem to get a clear answer to it.</P></BODY></HTML> Sat, 21 Dec 2013 05:54:57 GMT Jack Kintz 2013-12-21T05:54:57Z https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784278#M964008 <P>is it possible to add a static route for my remote vpn clients so that when they tunnel through my network they can still access an extra subnet in my network?</P><P></P><P>currently i have two subnets in my network. one has a full tunnel client-to-site vpn connection and now we have this need to allow users to be able to access the other subnet the we have in the network.</P><P></P><P>if this is possible how do i go about it?</P><P></P><P>thanks</P> Mon, 11 Mar 2019 11:05:23 GMT https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784278#M964008 brianbono 2019-03-11T11:05:23Z https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784279#M964009 <HTML><HEAD></HEAD><BODY><P> Did Cisco support ever answer your question?&nbsp; I have a similar issue and cannot seem to get a clear answer to it.</P></BODY></HTML> Sat, 21 Dec 2013 05:54:57 GMT https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784279#M964009 Jack Kintz 2013-12-21T05:54:57Z https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784280#M964010 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>If I understood you correctly, you want VPN clients to access an extra network behind the Firewall or router. Correct?</P><P>If that is the case, on the firewall or router, you need to add a standard access list with the source IP being the internal networks that you want to access through the tunnel from the clients. Then you need to go under the group policy and create a split tunnel list using the ACL you created before.</P><P></P><P>Like so:</P><OL style="color: #000000; font-size: 12px;" type="1"><LI><BLOCKQUOTE class="jive-quote"><PRE style="font-size: 11px; overflow: auto; max-width: 650px; min-width: 400px; height: auto;">ciscoasa(config)#<STRONG>group-policy <GRP_POLICY_NAME> attributes</GRP_POLICY_NAME></STRONG> ciscoasa(config-group-policy)#</PRE></BLOCKQUOTE></LI></OL><P style="color: #000000; font-size: 12px;">Specify the split tunnel policy. In this case the policy is <STRONG>tunnelspecified</STRONG>.</P><BLOCKQUOTE class="jive-quote" style="font-size: 12px;"><PRE style="font-size: 11px; overflow: auto; max-width: 650px; min-width: 400px; height: auto;">ciscoasa(config-group-policy)#<STRONG>split-tunnel-policy tunnelspecified</STRONG></PRE></BLOCKQUOTE><P><SPAN style="line-height: 0px; color: #000000; font-size: 12px;"> </SPAN></P><P><SPAN style="color: #000000; font-size: 12px;">Specify the split tunnel access list. In this case, the list is </SPAN></P><P><STRONG style="color: #000000; font-size: 12px;">Split_Tunnel_List</STRONG><SPAN style="color: #000000; font-size: 12px;">. </SPAN></P><BLOCKQUOTE class="jive-quote" style="font-size: 12px;">ciscoasa(config-group-policy)#<STRONG>split-tunnel-network-list value Split_Tunnel_List</STRONG></BLOCKQUOTE><P></P><P>This way you tell the VPN client, in order to access those networks, use the VPN tunnel.</P><P>Hope this helps.</P></BODY></HTML> Sat, 21 Dec 2013 11:12:07 GMT https://community.cisco.com/t5/network-security/adding-a-static-route-on-a-remote-vpn-client-connection/m-p/784280#M964010 zalkurdi 2013-12-21T11:12:07Z