We have a customer who needs access to physical devices on our network. Currently they have their own ASA on a DSL circuit providing DHCP to devices we have vlan'd on our core switch. We would like to remove their ASA and DSL having them connect via a point to point tunnel over our Internet pipe to our ASA. Our customer needs to use 192. addresses while our network is not 192. We would like our ASA to provide 192. addresses for their tunnel. Is this possible?
Yes - there are a couple of approaches you could use.
1. You could put them all on a separate VLAN and have it use 192.x.x.x addresses with your ASA as the DHCP server. The VLAN could connect to your ASA using a dedicated physical interface or a logical subinterface on a trunk port.
2. You could setup NAT with the VPN so that your devices use your assigned and configured IP addressing and translate to the 192.x.x.x. addresses they know and expect when communicating across the VPN. This can be a bit confusing when troubleshooting since they will not know they are talking to any address other than the one they have been using. Depending on the application, this can sometime cause issues in cases where the application embeds the endpoint IP address in the process.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :