SSL VPN route table on MacOS and Linux troubles (Windows ok)

ankama_network
Level 1

Hi,

We have enabled SSL VPN for external users.

Everything is just fine for Windows users but Mac and Linux users have some troubles:

When the local network of the clients is a subnet of the tunneled routes, traffic destined to the addresses of the client network does NOT go through the VPN adapter.

Example :

client network :

192.168.0.0/24 gw 192.168.0.1

tunneled routes (split tunnel):

192.168.0.0/16

VPN address pool :

10.1.2.0/24

If a VPN client talks to an address that is not in 192.168.0.0/24 but in 192.168.0.0/16, traffic is OK through VPN.

If a VPN client talks to an address that is in 192.168.0.0/24, traffic does not go through VPN adapter.

The route table at VPN start indicates:

default -> 192.168.0.1 (client interface)

192.168.0.0/16 -> 10.1.2.x (VPN adapter)

For example, if I try to ping 192.168.0.200, the route table adds an entry:

192.168.0.200 -> 192.168.0.x (client interface)

Whereas it should not even appear (because of the second line in the above list).

Is there any way to change that behavior (the device is an ASA 5510)?

Thanks
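The route selection described in the post, as an added example that is not part of the original post: a longest-prefix-match lookup over the post's addresses, plus a check that flags split-tunnel prefixes shadowed by the client's own LAN. The connected /24 route is an assumption (the post's listing omits it, but a host normally holds one for its own LAN), and the function names are hypothetical.

```python
import ipaddress

# Constructed route table using the addresses from the post.
# The connected /24 entry is an assumption: it is not in the post's listing.
ROUTES = [
    ("0.0.0.0/0", "client interface via 192.168.0.1"),
    ("192.168.0.0/16", "VPN adapter"),
    ("192.168.0.0/24", "client interface (connected)"),
]


def lookup(dest, routes=ROUTES):
    """Return (prefix, next_hop) selected by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    matches = [
        (ipaddress.ip_network(prefix), hop)
        for prefix, hop in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    # The most specific (longest) matching prefix wins.
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop


def shadowed_tunnel_routes(local_net, tunneled):
    """Return the tunneled prefixes that contain the local LAN.

    For those prefixes, the LAN's more specific connected route wins,
    so destinations inside local_net never reach the VPN adapter.
    """
    local = ipaddress.ip_network(local_net)
    shadowed = []
    for prefix in tunneled:
        tunnel = ipaddress.ip_network(prefix)
        if local.prefixlen > tunnel.prefixlen and local.subnet_of(tunnel):
            shadowed.append(str(tunnel))
    return shadowed


if __name__ == "__main__":
    for dest in ("192.168.0.200", "192.168.5.10", "203.0.113.7"):
        print(dest, "->", lookup(dest))
    print(shadowed_tunnel_routes("192.168.0.0/24", ["192.168.0.0/16"]))
```

Running the same overlap check against a remote user's reported LAN before issuing split-tunnel routes shows in advance which internal addresses that user cannot reach through the tunnel.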

2 Replies

m.kafka
Level 4