in your case i would sugest you to make several pools
and so on
and u can control it through the subnet mask
if helpful rate
Oh yes - they are defined by name!
here is an example of my 3rd party VPN concentrator:-
ip local pool 3rdPartyIPPool_1 10.125.202.1-10.125.202.6 mask 255.255.255.248
ip local pool 3rdPartyIPPool_2 10.125.202.9-10.125.202.14 mask 255.255.255.248
ip local pool 3rdPartyIPPool_3 10.125.202.17-10.125.202.22 mask 255.255.255.248
ip local pool 3rdPartyIPPool_4 10.125.202.25-10.125.202.30 mask 255.255.255.248
ip local pool 3rdPartyIPPool_5 10.125.202.33-10.125.202.38 mask 255.255.255.248
ip local pool 3rdPartyIPPool_6 10.125.202.41-10.125.202.46 mask 255.255.255.248
ip local pool 3rdPartyIPPool_7 10.125.202.49-10.125.202.54 mask 255.255.255.248
ip local pool 3rdPartyIPPool_8 10.125.202.57-10.125.202.62 mask 255.255.255.248
ip local pool 3rdPartyIPPool_9 10.125.202.65-10.125.202.70 mask 255.255.255.248
ip local pool 3rdPartyIPPool_10 10.125.202.73-10.125.202.78 mask 255.255.255.248
You the assign which IP pool you want to the specific VPN profile!
Thanks for the prompt response and example. I see your example. But, my brain is blocked to think about my case.
Just for verification purpose, in your example, you have 60 hosts.
In my case, my IP address is 192.168.0.0/16. To have 2000 hosts, I have a range of IP address from 192.168.0.1 - 192.168.255.254 with subnet mask of 255.255.248.0. So, my address pools would look like this
ip local pool 3rdPartyIPPool_1 192.168.0.1-192.168.7.254 mask 255.255.255.248
ip local pool 3rdPartyIPPool_2 192.168.8.1-192.168.15.254 mask 255.255.255.248
ip local pool 3rdPartyIPPool_3 192.168.16.1-192.168.23.254 mask 255.255.255.248
I only have one VPN profile.
Again, thank you very much for your assistance.
OK - if you want to have 2000 IP's on seperate ASA's for remote access I would have something like:-
192.168.0.0/21 or 192.168.0.1 to 192.168.7.254 gives you 2046 hosts
so the config:-
ip local pool Large1 192.168.0.1-192.168.7.254 mask 255.255.248.0
192.168.8.0/21 or 192.168.8.1 to 192.168.15.254 gives you another 2046 hosts!
ip local pool Large2 192.168.8.1-192.168.15.254 mask 255.255.248.0
Then you can filter on 2 IP subnets!
Thank you very much for your prompt response and explanation. Now, I understand. Now, I know how to read the subnet table. Please ignore the question that was posted 10 minutes ago.
I really appreciate you taking the time to work with me on this question. Now, I understand IP subnets more. Thanks.
I am not clear why Marwan suggested using several pools without knowing anything about what you are trying to do with them. If you plan to use the address pool for a single group in VPN, for example, how could you use more than one pool?
Perhaps you can clarify what you are trying to accomplish and then perhaps we can give better advice.
really i like they way that you analys the cases
but when i saw the question with this big amount of ips i just thought about it from management prespective becuase the bigger ur pool the harder to manage
like filtering, routing maaybe
thats what thought about it
Sorry for not making it clear. I have two ASA 5550's. I plan to setup Load Balancing. There might be 2000 concurrent users. So, I need 2000 IP addresses for each ASA. I plan to use the address pool for a single group in VPN. We only have one VPN group.
Please let me know if you need additional information.