Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Default Gateway Cisco ASA5510 VPN

Avatar of rcs2008
rcs2008Flag for United States of America asked on
RoutersVPNCisco
8 Comments1 Solution1062 ViewsLast Modified:
I have a Cisco ASA5510 that I am trying to connect via VPN (Cisco Client).  I can connect and I get the correct IP address (192.168.10.226-192.168.10.230)  and I get the correct subnet 255.255.255.0.  However for Default Gateway I get 192.168.10.1 and I need to be getting 192.168.10.101 so that I can talk with the other networks we have such as the 192.168.40.x and the 192.168.80.x and the 172.14.42.x

If I connect my machine and set a static IP of 192.168.10.231 with subnet 255.255.255.0 and default gateway 192.168.10.101 everything works correctly and I can talk with all the different networks (192.168.80.X & 172.14.42.X)

Hopefully this is something I have just over looked.
Result of the command: "show running-config"

: Saved
:
ASA Version 7.0(8) 
!
hostname scadavpn
domain-name XXXXXXXXXXX
enable password XXXXXXXX encrypted
passwd XXXXXXXXXXXXX encrypted
names
dns-guard
!
interface Ethernet0/0
 nameif outside
 security-level 10
 ip address dhcp setroute 
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 192.168.10.225 255.255.255.0 
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0 
 management-only
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
access-list inside_nat0_outbound extended permit ip any 192.168.10.224 255.255.255.248 
access-list scada_vpn_splitTunnelAcl standard permit any 
pager lines 24
logging asdm informational
mtu management 1500
mtu inside 1500
mtu outside 1500
ip local pool scada_vpn_pool 192.168.10.226-192.168.10.230 mask 255.255.255.0
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy scada_vpn internal
group-policy scada_vpn attributes
 wins-server value 192.168.10.201
 dns-server value 192.168.10.201
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value XXXXX_vpn_splitTunnelAcl
 default-domain value XXXXXXXXX
 webvpn
username scada password XXXXXXXXXXXXXX encrypted privilege 0
username scada attributes
 vpn-group-policy scada_vpn
 webvpn
http server enable
http 192.168.1.0 255.255.255.0 management
snmp-server location XXXXXXXX
snmp-server contact XXXXXXXXX
snmp-server community XXXXXXXXX
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
tunnel-group scada_vpn type ipsec-ra
tunnel-group scada_vpn general-attributes
 address-pool scada_vpn_pool
 default-group-policy scada_vpn
tunnel-group scada_vpn ipsec-attributes
 pre-shared-key *
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512 
  inspect ftp 
  inspect h323 h225 
  inspect h323 ras 
  inspect rsh 
  inspect rtsp 
  inspect esmtp 
  inspect sqlnet 
  inspect skinny 
  inspect sunrpc 
  inspect xdmcp 
  inspect sip 
  inspect netbios 
  inspect tftp 
!
service-policy global_policy global
Cryptochecksum:XXXXXXXXXXXXXXXXXXXXXXXXXX
: end
ASKER CERTIFIED SOLUTION
Avatar of e1ext
e1ext

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 8 Comments.
See Answers