Requesting some help with Cisco AnyConnect VPN

Hey all, I am currently stuck trying to get an additional subnet advertised and talking to Cisco AnyConnect users. I have limited knowledge of ASAs (have mostly worked with PAs in the past).

Here is how the subnets are being defined in access-list.

#show run access-list VPN-SplitTunnel

access-list VPN-SplitTunnel standard permit 10.36.41.0 255.255.255.0

access-list VPN-SplitTunnel standard permit 10.101.0.0 255.255.255.0

The problem is that after a user connects to the VPN, the new route does not show up in the Windows route table.

Where else do I need to add a route so the users can receive the route?
TiA.

Have you verified that the correct ACL is referenced in the Group Policy and that the Group Policy is also correctly referenced in the tunnel group?

Does the route show up on the client’s AnyConnect statistics->routes tab?

Adding the new route to the correct ACL is usually all you need to do. Perhaps that’s not the correct ACL name? Check the associated group policy for the VPN tunnel group.
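The check suggested in the replies above (tunnel group -> group policy -> split-tunnel ACL), as an added example that is not part of the thread: it follows that chain through a saved running-config and reports which expected subnets the referenced ACL does not cover. The names GP-AnyConnect, TG-AnyConnect and VPN-Split-Old are constructed for illustration; attribute inheritance from DfltGrpPolicy and per-user policy assignment are not modelled.

```python
import ipaddress

# Constructed sample of "show running-config" output. The group-policy and
# tunnel-group names and the ACL VPN-Split-Old are hypothetical.
SAMPLE_CONFIG = """\
access-list VPN-SplitTunnel standard permit 10.36.41.0 255.255.255.0
access-list VPN-SplitTunnel standard permit 10.101.0.0 255.255.255.0
access-list VPN-Split-Old standard permit 10.36.41.0 255.255.255.0
group-policy GP-AnyConnect attributes
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN-Split-Old
tunnel-group TG-AnyConnect general-attributes
 default-group-policy GP-AnyConnect
"""

def parse(config):
    """Collect standard ACL networks, group-policy and tunnel-group attributes."""
    acls, policies, tunnels, section = {}, {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):   # a top-level command leaves any sub-mode
            section = None
        if len(words) == 6 and words[0] == "access-list" and words[2:4] == ["standard", "permit"]:
            addr = words[5] + "/32" if words[4] == "host" else f"{words[4]}/{words[5]}"
            acls.setdefault(words[1], []).append(ipaddress.ip_network(addr, strict=False))
        elif words[:1] == ["group-policy"] and words[2:] == ["attributes"]:
            section = policies.setdefault(words[1], {})
        elif words[:1] == ["tunnel-group"] and words[2:] == ["general-attributes"]:
            section = tunnels.setdefault(words[1], {})
        elif section is not None and words:
            section[words[0]] = words[-1]   # e.g. split-tunnel-network-list -> ACL name
    return acls, policies, tunnels

def pushed_routes(config, tunnel_group):
    """Return (acl_name, networks) reached via tunnel group -> group policy -> ACL."""
    acls, policies, tunnels = parse(config)
    policy = tunnels.get(tunnel_group, {}).get("default-group-policy", "DfltGrpPolicy")
    attrs = policies.get(policy, {})
    if attrs.get("split-tunnel-policy") != "tunnelspecified":
        raise ValueError(f"{policy}: split-tunnel-policy is not set to tunnelspecified")
    acl = attrs.get("split-tunnel-network-list")
    if acl not in acls:
        raise ValueError(f"{policy}: split-tunnel ACL {acl!r} is not defined")
    return acl, acls[acl]

def missing_routes(config, tunnel_group, expected):
    """Expected subnets that no entry of the referenced ACL covers."""
    _, nets = pushed_routes(config, tunnel_group)
    return [e for e in expected if not any(ipaddress.ip_network(e).subnet_of(n) for n in nets)]
```

On the constructed config, `missing_routes(SAMPLE_CONFIG, "TG-AnyConnect", ["10.36.41.0/24", "10.101.0.0/24"])` reports `10.101.0.0/24`, because the group policy references a different ACL from the one that was edited.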

To add a route to a subnet using Cisco AnyConnect, you can follow these steps:

  1. Connect to the VPN: Launch the Cisco AnyConnect Secure Mobility Client and establish a connection to your VPN network. Enter the necessary credentials, such as the VPN server address, username, and password.

  2. Open AnyConnect Preferences: Once connected, locate the Cisco AnyConnect icon in your system tray or taskbar (Windows) or menu bar (Mac). Right-click or Ctrl+click on the icon and select “Open AnyConnect” or “Open AnyConnect Preferences.”

  3. Access VPN Preferences: In the AnyConnect Preferences window, navigate to the “Preferences” tab. Look for the section related to routing or split tunneling. The location may vary slightly depending on the version of AnyConnect you are using.

  4. Enable Local LAN Access: Enable the option that allows local LAN access or split tunneling. This option permits your device to access both the VPN network and your local network simultaneously.

  5. Add a Route: Once split tunneling or local LAN access is enabled, you can add a specific route to a subnet. Locate the “Routes” or “Network List” section within the AnyConnect Preferences.

  6. Add the Subnet Route: Click on the “Add” or “+” button to add a new route. Specify the subnet you want to add by entering the network address and subnet mask. You may also need to specify the gateway or interface through which the subnet should be accessed.

  7. Save and Apply Changes: After adding the subnet route, save your changes in the AnyConnect Preferences window. Click on “Apply” or “OK” to apply the new route configuration.

  8. Disconnect and Reconnect: To ensure the changes take effect, disconnect from the VPN network and then reconnect. This will establish a new VPN connection with the updated routing configuration.

After completing these steps, your device should be able to access the specified subnet via the Cisco AnyConnect VPN connection. Remember that these instructions are general and can vary depending on the specific version of AnyConnect you are using.

Where are those subnets routed? If the gateway for those subnets is on a different device, i.e. a router, then you need to add a static route on the ASA “route inside 10.36.41.0 255.255.255.0 [next hop ip]”.