Joergen Lind
asked on
How to change default gateway for Cisco ASA SSL VPN
Ok.
So we have this Cisco ASA 5512 running iOS 9.5 (2) 5. (Yes, shining like new car...). We have deployed SSL VPN using clients and have set up split tunneling.
Everything is fine, except that traffic is routed to another firewall and not our internal router.
VPN client's local home router: 192.168.0.1
Cisco ooold Pix: 10.117.0.1
Cisco ASA 5512: 10.117.0.3
Internal router: 10.117.0.11 (this is where the traffic should go to)
Route print from a connected client (I've removed localhost and unicast addresses from the list):
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.181 10
ExtIP 255.255.255.255 192.168.0.1 192.168.0.181 11
10.117.0.0 255.255.0.0 On-link 10.117.65.33 257
10.117.0.0 255.255.0.0 10.117.0.1 10.117.65.33 2
10.117.65.33 255.255.255.255 On-link 10.117.65.33 257
10.117.255.255 255.255.255.255 On-link 10.117.65.33 257
172.27.72.0 255.255.248.0 10.117.0.1 10.117.65.33 2
172.28.0.0 255.255.0.0 10.117.0.1 10.117.65.33 2
192.168.0.0 255.255.255.0 10.117.0.1 10.117.65.33 2
192.168.0.181 255.255.255.255 On-link 192.168.0.181 266
192.168.0.250 255.255.255.255 On-link 192.168.0.181 11
192.168.11.0 255.255.255.0 10.117.0.1 10.117.65.33 2
192.168.111.0 255.255.255.0 10.117.0.1 10.117.65.33 2
===========================================================================
Why on earth is the client selecting a random IP (ok, not entirely random IP) instead of - at least - its own gateway (10.117.0.3)? I've been unable to find a setting in the ASDM for that.
Thanks for any help
Br. Bjorn
Check the VPN pool configuration options as you are pushing the 10.117.0.1 as the gateway.
ASKER
Well, there are really no VPN pool options as such. It's only starting & ending IP address + subnet mask.
ASKER
We put the VPN clients on a separate network and added rules and routes etc similar to a DMZ zone configuration. That worked much better.
Thanks for the input.
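Added example, not part of any post in this thread: a Python sketch that parses the route print rows from the question and flags two overlaps visible in it, the VPN adapter address sitting inside a tunnelled internal network (the layout the asker later replaced with a separate VPN client network) and a split-tunnel route that covers the client's own home LAN address. The function names and finding labels are assumptions made for this example; the sample rows are copied from the question.

```python
import ipaddress

# Rows copied from the route print in the question (subset), header included.
ROUTE_PRINT = """\
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.181 10
ExtIP 255.255.255.255 192.168.0.1 192.168.0.181 11
10.117.0.0 255.255.0.0 On-link 10.117.65.33 257
10.117.0.0 255.255.0.0 10.117.0.1 10.117.65.33 2
172.28.0.0 255.255.0.0 10.117.0.1 10.117.65.33 2
192.168.0.0 255.255.255.0 10.117.0.1 10.117.65.33 2
192.168.0.181 255.255.255.255 On-link 192.168.0.181 266
"""


def parse_routes(text):
    """Return (network, gateway, interface, metric) for each IPv4 route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # headers, separators, blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gateway, ipaddress.ip_address(iface), int(metric)))
        except ValueError:
            continue  # redacted or malformed rows such as "ExtIP"
    return routes


def audit(text):
    """Flag address overlaps between tunnelled routes and the two adapters."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0].prefixlen == 0]
    if not defaults:
        return []
    # Assumption: split tunnelling leaves the default route on the LAN adapter.
    lan_if = min(defaults, key=lambda r: r[3])[2]
    findings = []
    for net, gateway, iface, _ in routes:
        if iface == lan_if or gateway == "On-link":
            continue  # keep only routes sent via a gateway on the VPN adapter
        if iface in net:
            findings.append(("vpn-address-inside-tunnelled-net", str(net)))
        if lan_if in net:
            findings.append(("tunnelled-net-overlaps-client-lan", str(net)))
    return findings


if __name__ == "__main__":
    for label, net in audit(ROUTE_PRINT):
        print(label, net)
```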