
AnyConnect via ASDM

Joshuabowers
Level 1

When I tried to configure AnyConnect via the ASDM wizard, it asked for an IP pool.

Does the IP pool correspond to an actual ASA interface network, like the inside interface, or is it a separate pool of IPs that has to be on a different network that doesn't exist on any of the interfaces?

Accepted Solution

Hi,

Once the VPN client connects to the ASA, it will tunnel all traffic between the client and the ASA. If you enable split tunneling, you can exclude subnets that shouldn't go over the VPN tunnel, including intranet subnets. You also have the option to enable local LAN access, which overcomes this problem.

Also, you don't need an ACL on the outside interface to allow access to the ASA AnyConnect server.


4 Replies

Rahul Govindan
VIP Alumni

You can have it both ways; it is not necessary to have a separate network. I would recommend a separate network, so that access and NAT policies can be differentiated for your internal networks and the VPN pool.

In the ASDM wizard it doesn't ask to program a default gateway. How does the VPN client know how to talk to other devices in the intranet? I like the idea of a separate subnet for the VPN pool.

For the outside interface, would I just make an "any source, outside interface IP = port 443" ACL?

The client will get routes for the subnets you configure for access via the VPN once the tunnel is activated.

The traffic exiting the ASA at the other end will use the ASA's routing table.

If you use a pool other than the subnet that the ASA inside interface is in, be sure that the remote networks know to use the ASA as the route for those pool addresses (a moot point if the ASA is the default gateway).
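A constructed ASA CLI configuration that puts the advice in this thread into practice: a VPN pool on its own subnet, NAT exemption between the LAN and the pool, a split-tunnel list, and a per-group filter that limits what VPN clients can reach. This is an added example, not configuration from any post above; all names and addresses are made up.

```cisco
! Constructed example: VPN pool on a subnet that exists on no ASA interface
ip local pool ANYCONNECT_POOL 192.168.200.10-192.168.200.100 mask 255.255.255.0

! Objects for the inside LAN and the VPN pool (addresses are made up)
object network INSIDE_LAN
 subnet 192.168.1.0 255.255.255.0
object network VPN_POOL
 subnet 192.168.200.0 255.255.255.0

! NAT exemption: LAN <-> VPN client traffic keeps its real addresses,
! so the pool subnet can be policed separately from the LAN
nat (inside,outside) source static INSIDE_LAN INSIDE_LAN destination static VPN_POOL VPN_POOL no-proxy-arp route-lookup

! Split tunnel: only the inside LAN is pushed to the client as a tunnelled route
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0

! Least privilege for VPN users: the filter ACL is written client -> LAN;
! here only HTTPS to the LAN is allowed (tighten to the services you need)
access-list VPN_FILTER extended permit tcp 192.168.200.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 443

group-policy ANYCONNECT_GP internal
group-policy ANYCONNECT_GP attributes
 vpn-tunnel-protocol ssl-client
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL
 vpn-filter value VPN_FILTER

tunnel-group ANYCONNECT_TG type remote-access
tunnel-group ANYCONNECT_TG general-attributes
 address-pool ANYCONNECT_POOL
 default-group-policy ANYCONNECT_GP

! Reminder: if the ASA is not the default gateway of the inside LAN, the
! internal router needs a route for 192.168.200.0/24 pointing at the ASA inside IP.
```

Because the ASA terminates the tunnel itself, no outside-interface ACL entry is needed for clients to reach the AnyConnect service; the vpn-filter is what constrains decrypted client traffic.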
