Cisco ASA 5505 VPN client problem

Posted on 2009-02-10
Last Modified: 2012-08-13
I don't get a default gateway when I connect to the firewall via the VPN client and therefore I don't get access to the rest of the private network. IP config doesn't show any default gateway but only shows address with but not default gateway after I am connected. I also didn't enable DHCP internally with any configurations for DNS because all inside clients have DNS already set up manually (a problem later discovered by very slow connectivity to a UNIX server). How do I rectify this, please? Code attached.
: Saved
: Written by enable_15 at 09:44:23.165 UTC Tue Feb 10 2009

ASA Version 7.2(4)

hostname AS5505A
domain-name default.domain.invalid
enable password s/YMix3yz.ik/III encrypted
passwd 2KFQnbNIdI.2KYOU encrypted

interface Vlan1
 nameif inside
 security-level 100
 ip address

interface Vlan2
 nameif outside
 security-level 0
 ip address

interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 ip address

interface Ethernet0/0
 switchport access vlan 2

interface Ethernet0/1

interface Ethernet0/2

interface Ethernet0/3

interface Ethernet0/4

interface Ethernet0/5

interface Ethernet0/6

interface Ethernet0/7

ftp mode passive
dns server-group DefaultDNS
 domain-name default.domain.invalid
same-security-traffic permit intra-interface
access-list RemoteVPN_splitTunnelAcl standard permit
access-list inside_nat0_outbound extended permit ip
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool RemotePool mask
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1
route outside 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http inside
http inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside

group-policy RemoteVPN internal
group-policy RemoteVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
username gary password ZobdW6FeX6vY8hBI encrypted privilege 0
username gary attributes
 vpn-group-policy RemoteVPN
username yale password 8ZUAayB7YW8HZqq1 encrypted privilege 0
username yale attributes
 vpn-group-policy RemoteVPN
username kelly password J3E4qGt9W8idx8Tw encrypted privilege 0
username kelly attributes
 vpn-group-policy RemoteVPN
tunnel-group RemoteVPN type ipsec-ra
tunnel-group RemoteVPN general-attributes
 address-pool RemotePool
 default-group-policy RemoteVPN
tunnel-group RemoteVPN ipsec-attributes
 pre-shared-key *

class-map inspection_default
 match default-inspection-traffic

policy-map type inspect dns preset_dns_map

  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp

service-policy global_policy global
prompt hostname context


Question by:garyoh
    1 Comment
    LVL 33

    Accepted Solution

    In the group-policy RemoteVPN attributes you would need to add:

    group-policy RemoteVPN attributes
        dns-server value <IP address 1> <IP address 2>
        wins-server value <Wins ip 1> <Wins ip 2>
        default-domain value <domain>

    Try that.
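
To check a saved ASA configuration for the gap the accepted answer points at, the following added example (not part of the original question or answer) parses the config into blocks and reports which referenced group policies lack `dns-server`, `wins-server` or `default-domain`. The function names are hypothetical, and the addresses and domain in `WITH_FIX` are constructed placeholders.

```python
import re

# Client attributes the accepted answer adds to the group policy.
CLIENT_ATTRS = ("dns-server", "wins-server", "default-domain")

def parse_blocks(config_text):
    """Map each top-level config line to its indented sub-commands."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        if not raw.strip() or raw.startswith(":"):
            continue  # blank lines and ': Saved' style comments
        if not raw[0].isspace():
            current = raw.strip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(raw.strip())
    return blocks

def audit_group_policies(config_text):
    """Return {policy: [missing attributes]} for every referenced group policy."""
    blocks = parse_blocks(config_text)
    ref = re.compile(r"(?:default-group-policy|vpn-group-policy) (\S+)")
    used = {m.group(1) for body in blocks.values()
            for line in body if (m := ref.fullmatch(line))}
    findings = {}
    for policy in sorted(used):
        body = blocks.get(f"group-policy {policy} attributes", [])
        present = {line.split()[0] for line in body}
        findings[policy] = [a for a in CLIENT_ATTRS if a not in present]
    return findings

# Excerpt of the configuration as posted in the question.
AS_POSTED = """\
group-policy RemoteVPN attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value RemoteVPN_splitTunnelAcl
username gary attributes
 vpn-group-policy RemoteVPN
tunnel-group RemoteVPN general-attributes
 address-pool RemotePool
 default-group-policy RemoteVPN
"""

# Constructed: the same policy with the answer's lines, using placeholder values.
WITH_FIX = AS_POSTED.replace(
    " vpn-tunnel-protocol IPSec\n",
    " vpn-tunnel-protocol IPSec\n dns-server value 192.0.2.10 192.0.2.11\n"
    " wins-server value 192.0.2.20\n default-domain value example.internal\n")
```

A policy that a tunnel-group or user references but that has no `attributes` block at all is reported with all three attributes missing.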
