Cisco Support Community

ASA5510 RA VPN, ACS assigned address different subnet than inside interface

Currently we have our RA tunnels set up with IP Address pools that are in the same subnet as the ASA inside interface and that works to give the clients connectivity.

I have seen that this is not the best way to go with this and also have seen some config snippets.

But I have not seen exactly how this should be done, and I don't really see anything in the config examples.

For example, if my ASA is and I want to assign each person a specific IP address in an address pool and I want each group to be in a different subnet:

Eng =

Bob =

Bill =

Sales =

Sue =

Sam =

I have two core switches with the SVIs configured for these subnets.

But I don't see how the routing is accomplished in the ASA.

Also, I can configure the ACS to give each person an IP Address, but not sure what is needed in the ASA.

Do the pools still need to be configured in the ASA and the ACS hands the client an address that I specify in that pool?


Re: ASA5510 RA VPN, ACS assigned address different subnet than i

Better to reset an IP pool and reclaim all its IP addresses:

Use this User Guide for Cisco Secure Access Control Server 4.1 System Configuration: Advanced
