Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
186
Views
0
Helpful
1
Replies

Cisco ASA5505 VPN Remote Client Connectivity

muhammadal1
Level 1
Level 1

‎04-02-2014 11:04 AM

I have an ASA 5505 that has been configured for dual ISP failover and remote access vpn. The remote clients are able to connect to the ASA and tunnel gets established but they are unable to ping anything in the inside network or go to the Internet through the ASA.

 

The remote clients are getting a default gateway that does not exist on the ASA anywhere. I want the defaut gateway to be inside interface of the ASA for the remote clients.

 

Here are the IP config of the remote client.

IP Address: 10.31.111.10

Subnet Mask: 255.255.255.0

Gateway: 10.31.111.1  <--------------------  this does not exist anywhere on the ASA

 

The Inside interface on the ASA is the default gateway of the Internal network. I have configured access-lists to allow VPN space to talk to the Internal network and configured the two networks as NAT Exampt.

Has anyone ran into an issue like this?

You prompt response is much appreciated.

 

Thanks,

 

Muhammad

 

 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎04-02-2014 01:41 PM

What type of VPN are you using? Normally on a modern SSL VPN (AnyConnect client), there is not a default gateway handed out to the client. Instead, the inside routes of the ASA are passed to the client (consistent with the tunneling policy configured - all networks or those specified) and installed in the client's routing table. The gateway used by the ASA will also be used by the remote access VPN client.

You normally don't need an access-list entry because the VPN users generally bypass the pre-configured access-list.

0 Helpful
Customers Also Viewed These Support Documents