Adding routes to Cisco Anyconnect

This scenario might not be possible, but maybe there's a workaround:

We are using Cisco Anyconnect to connect to company resources. We also have a second VPN installation with added security for access to a second network on a different site, a 3rd party company that has their own installation. A limited number of our users need to access this. First they establish the VPN. Then they access the portal of the second VPN (a Citrix SSL Extender VPN) and authenticate there. The second VPN tries to add some routes to the local routing table of the client but is not allowed, as the Cisco Anyconnect locks down the routing table.

I tried to enable split-tunneling, but there is no point in that, as the second VPN is accessed through the first VPN. Hence, there's no point in adding routes to the Anyconnect routing table, as the traffic passes through the secondary VPN.

Are there any ways to add a route to the local routing-table of the client? 'Route add...' doesn't work (as expected, since Cisco Anyconnect locks down the routing table). 


The reason why we need both VPNs active is because the users need to access both our resources and the 3rd party resources at once. So we can't disconnect the company VPN and establish the 3rd party VPN. A site-to-site VPN would solve this, but the 3rd party is not keen on that due to their security policies.

VIP Advisor

Re: Adding routes to Cisco Anyconnect

My initial thoughts (like you) would be to use a Site-to-Site VPN from your network, permitting traffic from the remote access VPN network to the 3rd party.

Alternatively what about running some VMs in your network which the remote access users connect to and then establish the VPN to the 3rd Party? They'd still have access to your network from their native computer and the 3rd party from the VM.

The Site-to-Site VPN is the most elegant solution.