Solved: Anyconncet change default gateway

jb@komplex-it.dk · ‎10-22-2017

Hello all

I have tried to search both these forums and the web in order to find an answer, to a simple question.

I have a costumer, who wants to use Anyconnect, and not use split tunneling. This is done to control all traffic.

They have another gateway they want VPN clients to use that does not reside on the ASA, It's another firewall lets say it is called 192.168.1.2, and the ASA has 192.168.1.1 as an inside IP addr.

In short they want to achive the following:

Log on with VPN through the ASA, and then route traffic out through another gateway.

Is this possible, I can't seem to find anywhere to change the default gateway settings for VPN clients in ASA?

Regards,

Johan

Rahul Govindan · ‎10-23-2017

Use the tunneled default gateway feature on the ASA. If you want to use a default gateway just for VPN users, the route would look something like this:
route inside 0.0.0.0 0.0.0.0 x.x.x.x tunneled
Example given here:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112182-ssl-tdg-config-example-00.html

View solution in original post

Rahul Govindan · ‎10-23-2017

Use the tunneled default gateway feature on the ASA. If you want to use a default gateway just for VPN users, the route would look something like this:
route inside 0.0.0.0 0.0.0.0 x.x.x.x tunneled
Example given here:
https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112182-ssl-tdg-config-example-00.html

jb@komplex-it.dk · ‎10-23-2017

Thank you, this seems to be what I was looking for!