Diane,

I suggest you use a very good tool:-

http://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl

HTH>

Marwan,

Can you put several pools on the ASA? There might be 2000 concurrent users.

Thanks.

Diane

Oh yes - they are defined by name!

here is an example of my 3rd party VPN concentrator:-

ip local pool 3rdPartyIPPool_1 10.125.202.1-10.125.202.6 mask 255.255.255.248

ip local pool 3rdPartyIPPool_2 10.125.202.9-10.125.202.14 mask 255.255.255.248

ip local pool 3rdPartyIPPool_3 10.125.202.17-10.125.202.22 mask 255.255.255.248

ip local pool 3rdPartyIPPool_4 10.125.202.25-10.125.202.30 mask 255.255.255.248

ip local pool 3rdPartyIPPool_5 10.125.202.33-10.125.202.38 mask 255.255.255.248

ip local pool 3rdPartyIPPool_6 10.125.202.41-10.125.202.46 mask 255.255.255.248

ip local pool 3rdPartyIPPool_7 10.125.202.49-10.125.202.54 mask 255.255.255.248

ip local pool 3rdPartyIPPool_8 10.125.202.57-10.125.202.62 mask 255.255.255.248

ip local pool 3rdPartyIPPool_9 10.125.202.65-10.125.202.70 mask 255.255.255.248

ip local pool 3rdPartyIPPool_10 10.125.202.73-10.125.202.78 mask 255.255.255.248

You the assign which IP pool you want to the specific VPN profile!

HTH>

Andrew,

Thanks for the prompt response and example. I see your example. But, my brain is blocked to think about my case.

Just for verification purpose, in your example, you have 60 hosts.

In my case, my IP address is 192.168.0.0/16. To have 2000 hosts, I have a range of IP address from 192.168.0.1 - 192.168.255.254 with subnet mask of 255.255.248.0. So, my address pools would look like this

ip local pool 3rdPartyIPPool_1 192.168.0.1-192.168.7.254 mask 255.255.255.248

ip local pool 3rdPartyIPPool_2 192.168.8.1-192.168.15.254 mask 255.255.255.248

ip local pool 3rdPartyIPPool_3 192.168.16.1-192.168.23.254 mask 255.255.255.248

I only have one VPN profile.

Again, thank you very much for your assistance.

Diane

Diane,

OK - if you want to have 2000 IP's on seperate ASA's for remote access I would have something like:-

ASA#1

192.168.0.0/21 or 192.168.0.1 to 192.168.7.254 gives you 2046 hosts

so the config:-

ip local pool Large1 192.168.0.1-192.168.7.254 mask 255.255.248.0

ASA#2

192.168.8.0/21 or 192.168.8.1 to 192.168.15.254 gives you another 2046 hosts!

the config:-

ip local pool Large2 192.168.8.1-192.168.15.254 mask 255.255.248.0

Then you can filter on 2 IP subnets!

HTH>

Andrew,

Thank you very much for your prompt response and explanation. Now, I understand. Now, I know how to read the subnet table. Please ignore the question that was posted 10 minutes ago.

I really appreciate you taking the time to work with me on this question. Now, I understand IP subnets more. Thanks.

Diane

Diane,

No problem - it can be tricky - glad to help.

Diane

I am not clear why Marwan suggested using several pools without knowing anything about what you are trying to do with them. If you plan to use the address pool for a single group in VPN, for example, how could you use more than one pool?

Perhaps you can clarify what you are trying to accomplish and then perhaps we can give better advice.

HTH

Rick

Richard

really i like they way that you analys the cases

but when i saw the question with this big amount of ips i just thought about it from management prespective becuase the bigger ur pool the harder to manage

like filtering, routing maaybe

thats what thought about it

Richard,

Sorry for not making it clear. I have two ASA 5550's. I plan to setup Load Balancing. There might be 2000 concurrent users. So, I need 2000 IP addresses for each ASA. I plan to use the address pool for a single group in VPN. We only have one VPN group.

Please let me know if you need additional information.

Thanks.

Diane