Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA with dedicated VPN interface thats on the same subnet as outside

I was wondering if this is possible or if there is another way around this.

Is it possible to configure the VPN feature on a different interface than the "outside" interface. I want users to connect to a different ip address and interface when connecting through VPN. My goal was to use an interface and name it "vpn" with a security level of 0. The ip address of the vpn interface would be on the same subnet as the outside. This is where I get a error message stating that the subnet overlaps the "outside" interface. Any help would be greatly appreciated.

2 REPLIES

Re: ASA with dedicated VPN interface thats on the same subnet as

Hi .. you can't allocate two IP addresses on the same range to two interfaces unless you want to use your firewall in transparent mode.

so you only have 2 options:

1.- get another public range and allocate it to one of the other interfaces. this interface will terminate the VPN connections.

2.- You could use one of the other interfaces.For example configure one of the interfaces with security level = 1 and address 192.168.1.11/24

and then create a static instruction

static (VPN_interface,outside) x.x.x.x 192.168.1.11 netmask 255.255.255.255

where x.x.x.x is a public address from the availble public range.

I hope it helps ... please rate it if it does !!!

New Member

Re: ASA with dedicated VPN interface thats on the same subnet as

Fernando thanks for the info. Would you recommend going with option 2 if we don't have another public range or just using the outside interface for incoming/outing and vpn traffic. Thanks for your advice.

263
Views
0
Helpful
2
Replies
CreatePlease login to create content