11-26-2015 04:31 AM
Hello!
We use AnyConnect VPN and have a problem. When esteblishing connection ASA makes a static route for client PC with a mask of 32 bits. How to disable it or make a large mask?
11-26-2015 02:22 PM
As far as I am aware that is the way it works. The AnyConnect client gets an IP address from the ASA and as it is a host it has a 32 bit mask. What are you trying to acheive?
11-27-2015 04:51 AM
Yes, a clients receive IP address with a mask of 32 bits, and the ASA create a static route in the routing table, example, "S 192.168.33.64 255.255.255.255 [1/0] via 1.1.1.1, outside".
We use and Cisco VPN, it also creates static route for each PC, but these routes are not redistributed over EIGRP.
11-27-2015 01:45 PM
What I do is have a static route for 192.168.33.0 255.255.255.0 on the internal switch connected to the ASA pointing to the ASA, and redistribute the static in EIGRP
11-30-2015 04:45 AM
I have a static route for 192.168.33.0 255.255.255.0 on the ASA and redistribute it, but when set vpn the ASA create a static route with a mask of 32 bit and redistribute it.
It looks like it can only be solved filters.
10-20-2016 01:02 AM
Hello, Sergey.
You can redisribute your vpn pool aggregated routes from ASA itself using route-map to filter unwanted /32 routes
Look at this config:
prefix-list pref-static-to-eigrp1 seq 5 permit 192.168.33.0/24
route-map rm-static-to-eigrp1 permit 10
match ip address prefix-list pref-static-to-eigrp1
router eigrp 1
eigrp stub redistributed !!! Only announce redistributed routes
network 192.168.1.1 255.255.255.255 !!! Inside link
redistribute static route-map rm-static-to-eigrp1 !!! Allow only route 192.168.33.0/24 to be redistributed
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide