I'm configuring WebVPN on an ASA, and using the "ip local pool" command to define a range of addresses that the clients will be assigned once they VPN in. This IP range is /not/ from any directly connected networks and/or already in the existing routing table.
So although remote users can WebVPN into the ASA with no problem, they can't get anywhere afterwards.
I can add a static route on an internal router to point to the ASA for that subnet, but my gut tells me I should be adding the route as close to the ASA as possible, preferably ON the ASA.
What do I need to do to get the routes for the local pool added to the ASA's routing table? Is this a case for reverse-route injection? (which I'm not as familiar with as I should be, hence the post.) Should I just add it to the internal router for simplicity?
Ultimately this config is going to be put on about 15 ASAs company-wide, so it's important to get right the first time.