Solved: ASA 5525-X AnyConnect -- Default Gateway

Joseph E Spoon · ‎12-30-2014

I have AnyConnect setup on an ASA5525-X. It is working with the exception that it makes the default gateway the VPN instead of injecting routes and keeping the local gateway as the default gateway. Is there any way to do this through the client or ASA side configuration?

Marvin Rhoads · ‎12-30-2014

On the ASA you would need to have something like the following setup within the group-policy:

split-tunnel-policy tunnelspecified
split-tunnel-network-list value 110

The "110" in this example refers back to an access-list 110 that specifies the networks you want to reach via the remote access VPN.

All other networks should remain reached via the default gateway that exists on the client even without the VPN.

View solution in original post

Marvin Rhoads · ‎12-30-2014

On the ASA you would need to have something like the following setup within the group-policy:

split-tunnel-policy tunnelspecified
split-tunnel-network-list value 110

The "110" in this example refers back to an access-list 110 that specifies the networks you want to reach via the remote access VPN.

All other networks should remain reached via the default gateway that exists on the client even without the VPN.

Joseph E Spoon · ‎12-30-2014

I did this through ASDM and once I specified the networks through a standard ACL in the ASDM it worked great. I appreciate your assistance with this, and the quick response time.

Thanks