AnyConnect ip pool change

Answered Question
Jun 14th, 2010

Hi all,

I am still not proficient with the ASA as I would like to be.

I have inherited an ASA with an AnyConnect IP Pool 192.168.6.1 - .254. Now currently the address pool is on the same VLAN as the inside interface, 192.168.0.20/21. Now that whole VLAN includes the range of 192.168.6.x but with a /21.

Is it possible to edit the AnyConnect IP pool as something other than the same VLAN as the inside interface? Let's say I would like to change it to 10.110.6.0/24.

If so, since our ASA is also running OSPF, I assume I would need to add the new IP pool's network to OSPF as well?

Hopefully you can understand my question.

Thanks in advance.

Correct Answer by edadios about 6 years 7 months ago

You can assign the IP pool that you want for the client.

Just be sure to also edit the nat 0 access-list associated with it, and the split tunneling ACL if you are also doing any split tunneling. And yes, you have to manage the routing so that the pool address is sent back to the firewall.

http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect25/administration/guide/ac02asaconfig.html#wp1083010

Regards,

edadios Mon, 06/14/2010 - 17:49

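The check the answer calls for (the nat 0 access-list has to follow the pool when the pool moves) can be run against a saved configuration before the change goes live. The script below is an added example, not part of the original thread or of any Cisco tooling. The names `ANYCONNECT-POOL` and `NONAT` and the sample configuration are constructed, and it assumes pre-8.3 `nat (inside) 0 access-list` syntax with plain network/mask ACL entries.

```python
import ipaddress
import re

# Constructed pre-8.3 style ASA config (not from the thread): the pool was moved
# to 10.110.6.0/24, but the nat 0 ACL still exempts the old 192.168.6.0/24 range.
SAMPLE_CONFIG = """\
ip local pool ANYCONNECT-POOL 10.110.6.1-10.110.6.254 mask 255.255.255.0
access-list NONAT extended permit ip 192.168.0.0 255.255.248.0 192.168.6.0 255.255.255.0
nat (inside) 0 access-list NONAT
"""

def pool_ranges(config):
    """Return {pool_name: (first_ip, last_ip)} from 'ip local pool' lines."""
    pools = {}
    for m in re.finditer(r"^ip local pool (\S+) (\S+)-(\S+)", config, re.M):
        pools[m.group(1)] = (ipaddress.ip_address(m.group(2)),
                             ipaddress.ip_address(m.group(3)))
    return pools

def nat0_destinations(config):
    """Destination networks permitted by ACLs bound with 'nat (if) 0 access-list'.

    Only 'network mask' entries are parsed; 'host', 'any' and object-groups
    are outside the scope of this example.
    """
    acl_names = set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))
    pattern = r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)"
    dests = []
    for name, _src, _smask, dst, dmask in re.findall(pattern, config, re.M):
        if name in acl_names:
            dests.append(ipaddress.ip_network(f"{dst}/{dmask}"))
    return dests

def pools_missing_nat_exemption(config):
    """Names of pools whose whole range is not covered by a nat 0 ACL destination."""
    dests = nat0_destinations(config)
    missing = []
    for name, (first, last) in pool_ranges(config).items():
        if not any(first in d and last in d for d in dests):
            missing.append(name)
    return missing

if __name__ == "__main__":
    # The constructed sample has a stale exemption, so the pool is reported.
    print(pools_missing_nat_exemption(SAMPLE_CONFIG))
```

A pool reported here would have its return traffic translated instead of exempted, which is the failure the answer warns about; the split tunneling ACL and the route back to the firewall still need to be checked separately.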