
New Member

VPN Client Pool

When configuring VPN client access on a Cisco PIX using an IP pool, how is the designated IP pool (e.g. 192.168.1.0) allowed access to the internal LAN (e.g. 10.101.1.0)?

Is this NAT'd by the PIX and allowed through? What routing is performed to allow this? Are any access-lists required?

Or is the routing automatic as the PIX is aware of the necessary networks?

1 REPLY
Cisco Employee

Re: VPN Client Pool

Hello,

Unless you have nat configured going from your inside to your outside interface, the pool IP addresses should be able to access the internal network without NAT. Their next hop is the firewall, and if the firewall knows how to route to the rest of the network, you are fine.

If you do have a nat0 - you will want to put a statement in your nat0 access-list (or create one) saying anything going to the pool addresses doesn't need to be translated.

The only caveat is that the rest of your network needs to know where the pool resides - when a packet gets to those internal devices, do they know how to route the source address back to the ASA? That catches a lot of people.

--Jason
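
An added example, not part of the original reply: it checks the two conditions the reply describes against a constructed PIX configuration and a constructed internal route list, namely that the nat 0 access-list covers the whole pool and that the internal router's best route to the pool points back at the firewall. The names `vpnpool` and `nonat`, the /24 masks, and the addresses 10.101.1.1 and 10.101.1.254 are assumptions.

```python
import ipaddress
import re

# Constructed sample PIX config. Pool and LAN follow the thread's example
# networks; the names vpnpool/nonat and the /24 masks are assumptions.
PIX_CONFIG = """\
ip local pool vpnpool 192.168.1.1-192.168.1.254
access-list nonat permit ip 10.101.1.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""
FIREWALL_INSIDE = "10.101.1.1"  # assumed inside address of the PIX
# Constructed route list of an internal router: (prefix, next hop).
ROUTES = [("0.0.0.0/0", "10.101.1.254"), ("192.168.1.0/24", FIREWALL_INSIDE)]


def pool_range(config):
    """First and last address of the 'ip local pool' statement."""
    m = re.search(r"^ip local pool \S+ (\S+)-(\S+)", config, re.M)
    return ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def nat0_exempts_pool(config, lan):
    """True if a nat 0 ACL permits LAN -> pool traffic for the whole pool.
    Only 'permit ip <net> <mask> <net> <mask>' entries are parsed."""
    first, last = pool_range(config)
    lan = ipaddress.ip_network(lan)
    for acl in re.findall(r"^nat \(inside\) 0 access-list (\S+)", config, re.M):
        pat = rf"^access-list {re.escape(acl)} permit ip (\S+) (\S+) (\S+) (\S+)"
        for src, smask, dst, dmask in re.findall(pat, config, re.M):
            src_net = ipaddress.ip_network(f"{src}/{smask}")
            dst_net = ipaddress.ip_network(f"{dst}/{dmask}")
            if lan.subnet_of(src_net) and first in dst_net and last in dst_net:
                return True
    return False


def return_next_hop(routes, config):
    """Next hop of the most specific route that covers the whole pool."""
    first, last = pool_range(config)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in routes
            if first in ipaddress.ip_network(p) and last in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None


if __name__ == "__main__":
    print("nat 0 covers pool:", nat0_exempts_pool(PIX_CONFIG, "10.101.1.0/24"))
    print("return path via firewall:",
          return_next_hop(ROUTES, PIX_CONFIG) == FIREWALL_INSIDE)
```

If `return_next_hop` yields anything other than the firewall's inside address, replies to VPN clients leave the LAN by another gateway, which is the case the reply warns about.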
