ASA5510 RA VPN, ACS assigned address different subnet than inside interface

Unanswered Question
Jun 26th, 2008
Currently we have our RA tunnels set up with IP Address pools that are in the same subnet as the ASA inside interface and that works to give the clients connectivity.


I have seen that this is not the best way to go with this and also have seen some config snippets.


But I have not seen exactly how this should be done, and I don't really see anything in the config examples.


For example, if my ASA is 10.10.10.1 and I want to assign each person a specific IP Address in an address pool and I want each group to be in a different subnet:


Eng = 192.168.100.0

Bob = 192.168.100.1

Bill = 192.168.100.2


Sales = 192.168.200.0

Sue = 192.168.200.1

Sam = 192.168.200.2


I have two core switches with the SVIs configured for these subnets.


But, I don't see how the routing is accomplished in the ASA.


Also, I can configure the ACS to give each person an IP Address, but not sure what is needed in the ASA.


Do the pools still need to be configured in the ASA and the ACS hands the client an address that I specify in that pool?
