ASA VPN local pool

Answered Question
Nov 26th, 2008

All,

I don't see a problem with this, but I wanted to ask your opinion. Currently, we have a local pool on our ASA that hands out 192.168.100.1 - .254. I want to extend this range, and my idea is to assign a 172.16.0.0/22. This would give me 1022 hosts.

Considering this is only for VPN, there shouldn't be any issues with changing the pool for this, correct? Or is it possible for me to add another two or three local pools for the VPN to pull from when the first pool is exhausted?

Thanks!

John

Correct Answer
ajagadee Wed, 11/26/2008 - 08:59

John,

Both the above options are valid. You can reconfigure the pool to a /22 subnet or configure multiple pools. Just make sure that you edit your NAT 0 ACL, Split Tunnel, Internal routing to reflect the newly configured pool.

Also, you can configure up to 6 address pools under the IPSEC Attributes.

Example:

tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
 address-pool VPNPOOL-3
 address-pool VPNPOOL-4
 address-pool VPNPOOL-5
 address-pool VPNPOOL-6

Regards,

Arul

*Pls rate if it helps*
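
The answer's reminder to update the NAT 0 ACL after adding or resizing a pool can be checked offline against a saved configuration. The script below is an added example, not part of the original thread or Cisco code: it reports, for each pool a tunnel-group uses, how many addresses are not covered by any NAT 0 ACL destination. The sample config, the inside network 10.0.0.0/8, the ACL name NONAT and the pool ranges are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample config, not taken from the thread. The inside network
# 10.0.0.0/8, the ACL name NONAT and the pool ranges are assumptions.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL-1 192.168.100.1-192.168.100.254 mask 255.255.255.0
ip local pool VPNPOOL-2 172.16.0.1-172.16.3.254 mask 255.255.252.0
access-list NONAT extended permit ip 10.0.0.0 255.0.0.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)")
# Handles "network mask" source/destination ACL entries only.
ACL_RE = re.compile(r"^access-list (\S+) extended permit ip \S+ \S+ (\S+) (\S+)$")
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)$")


def parse(config):
    """Return (pools, exempt_networks, pools_used_by_tunnel_groups)."""
    pools, acl_dests, nat0_acls, used = {}, {}, set(), []
    for line in config.splitlines():
        if m := POOL_RE.match(line):
            first, last = (ipaddress.IPv4Address(a) for a in m.group(2, 3))
            # Express the first-last range as CIDR blocks for subnet checks.
            pools[m.group(1)] = list(ipaddress.summarize_address_range(first, last))
        elif m := ACL_RE.match(line):
            dest = ipaddress.IPv4Network(f"{m.group(2)}/{m.group(3)}")
            acl_dests.setdefault(m.group(1), []).append(dest)
        elif m := NAT0_RE.match(line):
            nat0_acls.add(m.group(1))
        elif line.strip().startswith("address-pool "):
            used.extend(line.split()[1:])
    # Only ACLs actually bound by a "nat (...) 0" statement count as exemptions.
    exempt = [n for name in nat0_acls for n in acl_dests.get(name, [])]
    return pools, exempt, used


def uncovered_addresses(config):
    """Per pool in use: how many addresses no NAT 0 ACL destination covers."""
    pools, exempt, used = parse(config)
    # pools[name] raises KeyError if a tunnel-group names an undefined pool.
    return {
        name: sum(b.num_addresses for b in pools[name]
                  if not any(b.subnet_of(n) for n in exempt))
        for name in used
    }


if __name__ == "__main__":
    for pool, missing in uncovered_addresses(SAMPLE_CONFIG).items():
        print(pool, "OK" if missing == 0 else f"{missing} addresses not exempted")
```

In the sample, the new /22 pool is flagged because the NONAT ACL still lists only the old 192.168.100.0/24 destination.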
