I have an ASA 5520 being used for VPN. We're running AnyConnect SSL client and I have a dhcp scope of 190 addresses. I need to increase this scope as more users connect to it. Can I add a new dhcp scope within the existing subnet mask / broadcast domain or do I have to delete the existing scope and re-create a larger scope.
Example....the following addresses are defined in the existing dhcp scope -
ip local pool SSL_VPN_POOL 10.10.250.64-10.10.250.254 mask 255.255.252.0
And I want to add 10.10.248.1-10.10.248.254 / 22.
Can I add a 2nd pool?
ip local pool SSL_VPN_POOL2 10.10.248.1-10.10.248.254 mask 255.255.252.0
Would I have to assign specific clients to the second pool? I want any client to use the second pool after the first pool is out of addresses.
My understanding is that the second pool addresses will be used only after the first pools addresses have been used.
Eventually I want to add additional addresses to the pool - I'm in the process of de-implementing VPN via PPTP and cutting users over to SSL VPN. I can't add the addresses now because they are in use by the PPTP VPN concentrator.
When they are available the addresses to be used are 10.10.249.1-10.10.249.254 / 22.
At that point can I add a third pool
ip local pool SSL_VPN_POOL3 10.10.249.1-10.10.249.254 mask 255.255.252.0
Or would I have to delete pool2 and add....
ip local pool SSL_VPN_POOL 10.10.248.1-10.10.249.254 mask 255.255.252.0
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...