Cisco VPN client on ASA

Feb 26th, 2008

I understand the basics of setting up VPN client on PIX or ASA, but could someone tell me how the pool addresses (i.e. 192.168.1.x) then interact with, say, the LAN addresses behind the firewall (i.e. 10.1.1.x)?

I assume the firewall takes care of all the routing between the distinct networks? I'm just not sure which part of the config would relate to this?

tomek0001 Tue, 02/26/2008 - 07:12

The pool address should be distinct from the LAN but routable from it. On the ASA 8.0 you don't even have to configure a loopback address (in IOS you have to).

For example, if you use 192.168.1.x/24 on the inside, create a new subnet 192.168.3.x/24 just for the VPN pool and make sure that you advertise that network from the firewall or router connected to it so internal nodes can access it.

Hope that helps.

mikedelafield Tue, 02/26/2008 - 09:23

If the ASA was also the default gateway for any internal nodes, I assume they would be able to route back to the VPN pool anyway, as they default gateway-ed through the ASA?

tomek0001 Tue, 02/26/2008 - 12:52

Yes, you are correct. Think of this as another network that is attached to that ASA, but it's attached virtually.
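The configuration lines this thread is asking about, as an added example that is not taken from any poster's device: it uses the answer's addressing (inside 192.168.1.0/24, pool 192.168.3.0/24) in ASA 8.0 syntax. The names VPNPOOL, NONAT and REMOTE-USERS, the pool range and the ASA inside address 192.168.1.1 are assumptions made for illustration.

```cisco
! --- On the ASA (8.0 syntax) -------------------------------------------
! Dedicated pool for VPN clients, distinct from the inside LAN.
! (Pool name and range are constructed for this example.)
ip local pool VPNPOOL 192.168.3.10-192.168.3.100 mask 255.255.255.0
!
! Exempt LAN <-> pool traffic from NAT so inside hosts see the clients'
! real pool addresses and replies match the tunnel.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
nat (inside) 0 access-list NONAT
!
! Hand the pool to the remote-access tunnel group (name is hypothetical).
tunnel-group REMOTE-USERS type remote-access
tunnel-group REMOTE-USERS general-attributes
 address-pool VPNPOOL
!
! --- On an internal IOS router, only if hosts do NOT use the ASA as ----
! --- their default gateway ---------------------------------------------
! Point the pool subnet back at the ASA inside interface (assumed here
! to be 192.168.1.1), or advertise it through the routing protocol.
ip route 192.168.3.0 255.255.255.0 192.168.1.1
```

When the ASA is the default gateway for the inside hosts, the last line is unnecessary: return traffic for 192.168.3.0/24 reaches the ASA anyway, and the ASA forwards it to the connected client over the tunnel.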

