cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
340
Views
0
Helpful
2
Replies

Adding a new IP address pool

pumpkin06
Level 1
Level 1

I need to add a new ip address pool to the VPN concentrator 3015 since we are running out of ip addresses defined in the existent ip address pool.

its configuration is as follows:

[ipaddrpool 1]

rowstatus=1

rangename=

startaddr=172.16.3.6

endaddr=172.16.3.101

mask=255.255.255.128

here is the private ip address of the VPN concentrator:

[ip 1]

enable=1

address=172.16.3.2

mask=255.255.255.128

here is the Tunnel Default Gateway configuration:

[ipglobals]

deftunnelgateway=172.16.3.1

rtrDiscEnable=2

natEnable=2

natTunnelEnable=2

syncall=1

locDefGwPref=1

redistClients=2

redistNetExt=2

synCookies=1

VPN 3015 is configured to assign ip addresses through IP address pools only!

If I add the following address pool

start address: 17.16.3.225

end address: 17.6.3.254

subnet mask: 255.255.255.224

Will it work given that the new ip address pool is not on the same vlan (different subnet) as the private interface of the VPN concentrator? If yes, what additional configuration changes are necessary to make this work?

I do not how to set up the default gateway for the new address pool? Please advise.

Many thanks in advance

2 Replies 2

tstanik
Level 5
Level 5

If the address pool is for the remote vpn client users then make sure that they get the IP's in the same range as the internal network they want to access. Following links may help you

http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/rem_acc.html

http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml

Thanks for your reply.

However, I have successfully added the IP address pool as for the configuration described in my first post.

I was afraid that it would not have worked as the new address pool was in a different subnet from the subnet of the physical interface of the VPN concentrator and that of the VPN Tunnel default gateway.

We have added the IP static route on core switches and firewalls to route the traffic to the new IP address pool, the default gateway being the VPN concentrator's (internal)IP address and it has worked!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: