ASA VPN local pool

John Blakley
VIP Alumni

All,

I don't see a problem with this, but I wanted to ask your opinion. Currently, we have a local pool on our ASA that hands out 192.168.100.1 - .254. I want to extend this range, and my idea is to assign a 172.16.0.0/22. This would give me 1022 hosts.

Considering this is only for VPN, there shouldn't be any issues with changing the pool for this, correct? Or is it possible for me to add another two or three local pools for the VPN to pull from when the first pool is exhausted?

Thanks!

John

HTH, John *** Please rate all useful posts ***
Accepted Solutions

ajagadee
Cisco Employee

John,

Both the above options are valid. You can reconfigure the pool to a /22 subnet or configure multiple pools. Just make sure that you edit your NAT 0 ACL, split tunnel, and internal routing to reflect the newly configured pool.

Also, you can configure up to 6 address pools under the IPSEC Attributes.

Example:

tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
 address-pool VPNPOOL-3
 address-pool VPNPOOL-4
 address-pool VPNPOOL-5
 address-pool VPNPOOL-6

Regards,

Arul

*Pls rate if it helps*
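
One way to check the accepted answer's point that the NAT 0 ACL has to reflect a newly configured pool, as an added example that is not part of the original thread. The ACL name NONAT, the inside network 10.0.0.0/8, the second pool's range and all function names are assumptions, and only ACL entries of the form `permit ip <net> <mask> <net> <mask>` are parsed.

```python
import ipaddress
import re

# Constructed sample config. VPNPOOL-2 was added as a /22, but the NAT
# exemption ACL (assumed name: NONAT) still only lists the old pool.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL-1 192.168.100.1-192.168.100.254 mask 255.255.255.0
ip local pool VPNPOOL-2 172.16.0.1-172.16.3.254 mask 255.255.252.0
access-list NONAT extended permit ip 10.0.0.0 255.0.0.0 192.168.100.0 255.255.255.0
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
POOL_RE = re.compile(rf"^ip local pool (\S+) {IP}-{IP}", re.M)
ACL_RE = re.compile(rf"^access-list (\S+) extended permit ip \S+ \S+ {IP} {IP}$", re.M)


def parse_pools(config):
    """Return {pool name: (first address, last address)}."""
    return {name: (ipaddress.ip_address(first), ipaddress.ip_address(last))
            for name, first, last in POOL_RE.findall(config)}


def acl_destinations(config, acl_name):
    """Destination networks permitted by the named extended ACL."""
    return [ipaddress.ip_network(f"{net}/{mask}")
            for name, net, mask in ACL_RE.findall(config) if name == acl_name]


def pool_size(config, pool_name):
    """Number of addresses the pool can hand out."""
    first, last = parse_pools(config)[pool_name]
    return int(last) - int(first) + 1


def uncovered_pools(config, acl_name):
    """Pools whose range is not fully inside some ACL destination network."""
    dests = acl_destinations(config, acl_name)
    missing = []
    for name, (first, last) in parse_pools(config).items():
        blocks = ipaddress.summarize_address_range(first, last)
        if not all(any(b.subnet_of(d) for d in dests) for b in blocks):
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("Pools missing from NONAT:", uncovered_pools(SAMPLE_CONFIG, "NONAT"))
```

The same coverage check can be pointed at any other ACL that lists the pool as a destination by passing its name instead of NONAT.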
