
How to change default gateway for Cisco ASA SSL VPN

Asked by Joergen Lind
Tags: Cisco, SSL / HTTPS, VPN, Routers, Hardware Firewalls
Ok.

So we have this Cisco ASA 5512 running iOS 9.5 (2) 5. (Yes, shining like a new car...). We have deployed SSL VPN using clients and have set up split tunneling.

Everything is fine, except that traffic is routed to another firewall and not our internal router.

VPN client's local home router: 192.168.0.1
Cisco ooold Pix:     10.117.0.1
Cisco ASA 5512 :     10.117.0.3
Internal router:      10.117.0.11 (this is where the traffic should go to)

Route print from a connected client (I've removed localhost and unicast addresses from the list):

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1    192.168.0.181     10
     ExtIP         255.255.255.255      192.168.0.1    192.168.0.181     11
       10.117.0.0      255.255.0.0         On-link      10.117.65.33    257
       10.117.0.0      255.255.0.0       10.117.0.1     10.117.65.33      2
     10.117.65.33  255.255.255.255         On-link      10.117.65.33    257
   10.117.255.255  255.255.255.255         On-link      10.117.65.33    257
      172.27.72.0    255.255.248.0       10.117.0.1     10.117.65.33      2
       172.28.0.0      255.255.0.0       10.117.0.1     10.117.65.33      2
      192.168.0.0    255.255.255.0       10.117.0.1     10.117.65.33      2
    192.168.0.181  255.255.255.255         On-link     192.168.0.181    266
    192.168.0.250  255.255.255.255         On-link     192.168.0.181     11
     192.168.11.0    255.255.255.0       10.117.0.1     10.117.65.33      2
    192.168.111.0    255.255.255.0       10.117.0.1     10.117.65.33      2
===========================================================================

Why on earth is the client selecting a random IP (ok, not an entirely random IP) instead of - at least - its own gateway (10.117.0.3)? I've been unable to find a setting in the ASDM for that.

Thanks for any help

Br. Bjorn