Hmm, assuming you are using the Cisco VPN client you shouldn't be getting a default if the split-tunnel configuration is working
http://www.cisco.com/en/US/products/ps6120/products_configuration_example091 86a0080702999.shtml#s2 Has pretty good ASDM instructions on how to do this, I don't use the ASDM :) BR, Sibbi On 4.2.2009 07:45, "Eimantas Zdanevičius" <eiman...@occ.lt> wrote: > Sigurbjörn Birkir Lárusson wrote: >> Something along these lines if you wanted to just send 10.10.53.0/24 and >> 10.10.54.0/24 through the VPN tunnel >> >> tunnel-group testgroup general-attributes >> default-group-policy testpolicy >> >> group-policy testpolicy internal >> group-policy testpolicy attributes >> split-tunnel-policy tunnelspecified >> split-tunnel-network-list value TunnelList >> >> access-list TunnelList standard permit 10.10.53.0 255.255.255.0 >> access-list TunnelList standard permit 10.10.54.0 255.255.255.0 >> >> BR, >> Sibbi >> > This perfectly sets routes for specified networks. > But how to disable default gateway setting on vpn client? > > If i go to ASA ASDM->Configuration->VPN->Default Tunnel Gateway it says: > > To configure default tunnel gateway, go to Static Route. > > i have two static routes configured: > > S aaa.bbb.ccc.ddd 255.255.255.255 [1/0] via 10.10.1.2, inside > S* 0.0.0.0 0.0.0.0 [1/0] via 10.10.4.254, outside _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/