
Issue with route on PC with split tunnel VPN

Hi all,

I have the following situation:

ASA 5515X running 8.6               

I have multiple inside sub interfaces:

.10 =192.168.10.124

.11 =192.168.11.124

.12 = 192.168.12.1/24

.13 = 192.168.13.1/24

.14 = 192.168.14.1/24

Now I want to set up an IPSec remote access VPN:

I assign the range 192.168.99.5 to 192.168.99.50 for VPN clients.

I configured split tunneling for the following networks: 192.168.10.0, 192.168.11.0 and 192.168.12.0

These are also NAT exempt.

So the config looks good.

The VPN is up.

However, when connecting to the VPN none of these networks are available.

After troubleshooting, I discovered the following:

The IP address received on my VPN adapter is 192.168.99.5 (as expected)

However when I do a route print, I see the following:

Destination      Netmask          Gateway         Interface
192.168.10.0     255.255.255.0    192.168.99.1    192.168.99.5
192.168.11.0     255.255.255.0    192.168.99.1    192.168.99.5
192.168.12.0     255.255.255.0    192.168.99.1    192.168.99.5

The gateway in my PC's routing table is pointing to a non-existing address; in my opinion it should be set to the same address as my VPN adapter (192.168.99.5).

I did try this both with AnyConnect and the classic VPN client.

Where am I going wrong?

4 REPLIES
Highlighted
Enthusiast

The gateway address you see on the virtual interface (the one created by VPN connection) is not important.

This address sometimes is the same address as your interface, sometimes it's blank. It doesn't matter. This is not the problem. Just ignore it and look somewhere else to keep troubleshooting.

Highlighted

The gateway address listed in my post is not the default gateway on my virtual VPN interface on my PC.

My virtual interface default gateway is blank, as expected.

The output I posted is the one coming from the "route print" command on my PC.

So it will send traffic to 192.168.99.1 (non-existing IP) for the 3 tunneled networks; I think it should use the IP of my virtual VPN interface?

Highlighted

No, this ip route pointing to 192.168.99.1 is correct. This is not the cause of the problem.


Highlighted

Indeed, the problem was not on the ASA but on the underlying equipment.

It is also true that the next hop for the tunneled networks varies, sometimes it is the same, sometimes it's something random.

Anyway, issue resolved.
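
Added example, not part of the original thread: since the replies say the Gateway column of these routes can be ignored, the check below reads the Interface column instead and uses longest-prefix match to report which destinations the PC would send through the VPN adapter. The sample table reuses the rows from the question; the default route on 10.0.0.23, the test hosts and all function names are constructed for illustration, and route metrics are ignored.

```python
import ipaddress

# Constructed sample: the three rows from the question plus a constructed
# default route on a hypothetical physical adapter (10.0.0.23).
SAMPLE_ROUTE_PRINT = """\
Destination      Netmask          Gateway        Interface
0.0.0.0          0.0.0.0          10.0.0.1       10.0.0.23
192.168.10.0     255.255.255.0    192.168.99.1   192.168.99.5
192.168.11.0     255.255.255.0    192.168.99.1   192.168.99.5
192.168.12.0     255.255.255.0    192.168.99.1   192.168.99.5
"""

def parse_routes(text):
    """Return (network, gateway, interface) tuples from IPv4 'route print' rows."""
    routes = []
    for line in text.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        try:
            net = ipaddress.ip_network(f"{cols[0]}/{cols[1]}")
            iface = ipaddress.ip_address(cols[3])
        except ValueError:
            continue  # header or other non-route line
        routes.append((net, cols[2], iface))  # gateway kept as text ("On-link" is valid)
    return routes

def egress_interface(routes, dest):
    """Longest-prefix match: the interface the PC would use to reach dest."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: r[0].prefixlen)[2]

def check_split_tunnel(text, vpn_ip, sample_hosts):
    """Map each host to True if its best route leaves via the VPN adapter."""
    routes = parse_routes(text)
    vpn = ipaddress.ip_address(vpn_ip)
    return {h: egress_interface(routes, h) == vpn for h in sample_hosts}

if __name__ == "__main__":
    hosts = ["192.168.10.20", "192.168.12.7", "192.168.13.9", "8.8.8.8"]
    result = check_split_tunnel(SAMPLE_ROUTE_PRINT, "192.168.99.5", hosts)
    for host, via_vpn in result.items():
        print(f"{host:15} -> {'VPN adapter' if via_vpn else 'not tunneled'}")
```

If every split-tunnel network already maps to the VPN adapter, as it does here, the client routing table is doing its job and troubleshooting moves to the headend and the network behind it.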