[c-nsp] ASA 5520 Remote Access VPN
Sigurbjörn Birkir Lárusson
sigurbjornl at vodafone.is
Wed Feb 4 08:17:13 EST 2009
Hmm, assuming you are using the Cisco VPN client you shouldn't be getting a
default if the split-tunnel configuration is working

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080702999.shtml#s2

Has pretty good ASDM instructions on how to do this, I don't use the ASDM :)

BR,
Sibbi

On 4.2.2009 07:45, "Eimantas Zdanevičius" <eimantas at occ.lt> wrote:
> Sigurbjörn Birkir Lárusson wrote:
>> Something along these lines if you wanted to just send 10.10.53.0/24 and
>> 10.10.54.0/24 through the VPN tunnel
>>
>> tunnel-group testgroup general-attributes
>> default-group-policy testpolicy
>>
>> group-policy testpolicy internal
>> group-policy testpolicy attributes
>> split-tunnel-policy tunnelspecified
>> split-tunnel-network-list value TunnelList
>>
>> access-list TunnelList standard permit 10.10.53.0 255.255.255.0
>> access-list TunnelList standard permit 10.10.54.0 255.255.255.0
>>
>> BR,
>> Sibbi
>>
> This perfectly sets routes for specified networks.
> But how to disable default gateway setting on vpn client?
>
> If I go to ASA ASDM->Configuration->VPN->Default Tunnel Gateway it says:
>
> To configure default tunnel gateway, go to Static Route.
>
> I have two static routes configured:
>
> S aaa.bbb.ccc.ddd 255.255.255.255 [1/0] via 10.10.1.2, inside
> S* 0.0.0.0 0.0.0.0 [1/0] via 10.10.4.254, outside
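
An added example, not part of the original thread and not Cisco tooling: a small Python check that follows the quoted configuration from tunnel-group to group-policy to access list and reports which networks the client will be told to tunnel. The function name `audit_split_tunnel` and the sample string are constructed for illustration, and only the commands shown in the thread are parsed.

```python
import ipaddress

# Constructed sample: the configuration quoted in the thread (hypothetical helper below).
SAMPLE_CONFIG = """\
tunnel-group testgroup general-attributes
 default-group-policy testpolicy
group-policy testpolicy internal
group-policy testpolicy attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value TunnelList
access-list TunnelList standard permit 10.10.53.0 255.255.255.0
access-list TunnelList standard permit 10.10.54.0 255.255.255.0
"""

def audit_split_tunnel(config, tunnel_group):
    """Return (tunneled_networks, problems) for one tunnel-group."""
    group_policy = {}   # tunnel-group name -> group-policy name
    policies = {}       # group-policy name -> {"mode": ..., "acl": ...}
    acls = {}           # ACL name -> [IPv4Network, ...]
    ctx = None          # ("tg" | "gp", name) of the sub-mode being read
    for line in config.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "tunnel-group" and w[2:3] == ["general-attributes"]:
            ctx = ("tg", w[1])
        elif w[0] == "group-policy" and w[2:3] == ["attributes"]:
            ctx = ("gp", w[1])
            policies.setdefault(w[1], {})
        elif w[0] == "access-list" and w[2:4] == ["standard", "permit"] and len(w) == 6:
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[4]}/{w[5]}"))
        elif ctx and ctx[0] == "tg" and w[0] == "default-group-policy":
            group_policy[ctx[1]] = w[1]
        elif ctx and ctx[0] == "gp" and w[0] == "split-tunnel-policy":
            policies[ctx[1]]["mode"] = w[1]
        elif ctx and ctx[0] == "gp" and w[:2] == ["split-tunnel-network-list", "value"]:
            policies[ctx[1]]["acl"] = w[2]
    gp = group_policy.get(tunnel_group)
    if gp is None:  # the chain from tunnel-group to policy is broken at the first link
        return [], [f"{tunnel_group}: no default-group-policy set"]
    pol = policies.get(gp, {})
    problems = []
    if pol.get("mode") != "tunnelspecified":
        problems.append(f"{gp}: split-tunnel-policy is {pol.get('mode')}, not tunnelspecified")
    nets = acls.get(pol.get("acl"), [])
    if not nets:
        problems.append(f"{gp}: split-tunnel-network-list has no permit entries")
    return nets, problems
```
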