Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Using VPN tunneling and DHCP with an ASA

We have a customer who needs access to physical devices on our network.  Currently they have their own ASA on a DSL circuit providing DHCP to devices we have vlan'd on our core switch.  We would like to remove their ASA and DSL having them connect via a point to point tunnel over our Internet pipe to our ASA.  Our customer needs to use 192. addresses while our network is not 192.  We would like our ASA to provide 192. addresses for their tunnel.  Is this possible?


Hall of Fame Super Silver

Yes - there are a couple of

Yes - there are a couple of approaches you could use.

1. You could put them all on a separate VLAN and have it use 192.x.x.x addresses with your ASA as the DHCP server. The VLAN could connect to your ASA using a dedicated physical interface or a logical subinterface on a trunk port.

2. You could setup NAT with the VPN so that your devices use your assigned and configured IP addressing and translate to the 192.x.x.x. addresses they know and expect when communicating across the VPN. This can be a bit confusing when troubleshooting since they will not know they are talking to any address other than the one they have been using. Depending on the application, this can sometime cause issues in cases where the application embeds the endpoint IP address in the process.

New Member

Thanks Marvin.  This is

Thanks Marvin.  This is helpful knowing the ASA is capable of what we're trying to do.

Hall of Fame Super Silver

You're welcome.Please rate

You're welcome.

Please rate helpful answers and mark your question as answered if it has been.

CreatePlease to create content