[c-nsp] ASA 5520 Remote Access VPN

Sigurbjörn Birkir Lárusson sigurbjornl at vodafone.is
Wed Feb 4 08:17:13 EST 2009


Hmm, assuming you are using the Cisco VPN client, you shouldn't be getting a
default if the split-tunnel configuration is working.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml#s2

Has pretty good ASDM instructions on how to do this; I don't use the ASDM :)

BR,
Sibbi


On 4.2.2009 07:45, "Eimantas Zdanevičius" <eimantas at occ.lt> wrote:

> Sigurbjörn Birkir Lárusson wrote:
>> Something along these lines if you wanted to just send 10.10.53.0/24 and
>> 10.10.54.0/24 through the VPN tunnel
>> 
>> tunnel-group testgroup general-attributes
>>     default-group-policy testpolicy
>> 
>> group-policy testpolicy internal
>> group-policy testpolicy attributes
>>     split-tunnel-policy tunnelspecified
>>     split-tunnel-network-list value TunnelList
>> 
>> access-list TunnelList standard permit 10.10.53.0 255.255.255.0
>> access-list TunnelList standard permit 10.10.54.0 255.255.255.0
>> 
>> BR,
>> Sibbi
>>   
> This perfectly sets routes for the specified networks.
> But how do I disable the default gateway setting on the VPN client?
> 
> If I go to ASA ASDM->Configuration->VPN->Default Tunnel Gateway it says:
> 
> To configure default tunnel gateway, go to Static Route.
> 
> I have two static routes configured:
> 
> S    aaa.bbb.ccc.ddd 255.255.255.255 [1/0] via 10.10.1.2, inside
> S*  0.0.0.0 0.0.0.0 [1/0] via 10.10.4.254, outside
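
An added example (not part of the thread, and not Cisco's code): a small Python check that reads an ASA configuration excerpt and reports, per tunnel-group, whether the bound group-policy uses `split-tunnel-policy tunnelspecified` and which networks its standard ACL sends through the tunnel. The function names, verdict strings and sample text are constructed for illustration; only indented sub-mode lines and standard ACLs are handled, and attributes inherited from another group-policy are not resolved.

```python
import ipaddress
KEYS = ("split-tunnel-policy", "split-tunnel-network-list", "default-group-policy")
# Constructed sample: the commands quoted in the thread, as one config excerpt.
SAMPLE_CONFIG = """\
access-list TunnelList standard permit 10.10.53.0 255.255.255.0
access-list TunnelList standard permit 10.10.54.0 255.255.255.0
group-policy testpolicy internal
group-policy testpolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value TunnelList
tunnel-group testgroup general-attributes
 default-group-policy testpolicy
"""

def parse(config):
    acls, policies, groups, cur = {}, {}, {}, None   # cur: dict of the sub-mode being read
    for raw in filter(str.strip, config.splitlines()):
        w = raw.split()
        if raw[0].isspace():                  # indented line: sub-mode command
            if cur is not None and w[0] in KEYS:
                cur[w[0]] = w[-1]             # last word is the policy, ACL or mode name
            continue
        cur = None
        if w[0] == "group-policy" and w[2:] == ["attributes"]:
            cur = policies.setdefault(w[1], {})
        elif w[0] == "tunnel-group" and w[2:] == ["general-attributes"]:
            cur = groups.setdefault(w[1], {})
        elif w[0] == "access-list" and w[2:4] == ["standard", "permit"] and len(w) == 6:
            net = w[5] if w[4] == "host" else f"{w[4]}/{w[5]}"
            acls.setdefault(w[1], []).append(ipaddress.ip_network(net, strict=False))
    return acls, policies, groups

def audit(config):
    """Return {tunnel-group: (verdict, [networks sent through the tunnel])}."""
    acls, policies, groups = parse(config)
    report = {}
    for name, attrs in groups.items():
        policy = policies.get(attrs.get("default-group-policy"), {})
        nets = acls.get(policy.get("split-tunnel-network-list"), [])
        if policy.get("split-tunnel-policy") != "tunnelspecified":
            verdict = "not-split"             # tunnelall, excludespecified or unset here
        elif not nets:
            verdict = "split-acl-missing"     # policy names an ACL with no parsed entries
        elif any(n.prefixlen == 0 for n in nets):
            verdict = "split-acl-covers-default"   # a 0.0.0.0/0 entry tunnels everything
        else:
            verdict = "split"
        report[name] = (verdict, [str(n) for n in nets])
    return report
```

Calling `audit()` on the text of a saved configuration returns one entry per tunnel-group; any verdict other than `split` marks a group whose clients are not limited to the listed networks by that policy.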


