Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ASA remote access VPN IP assignment

I have numerous networks on my LAN, in a routed-access layer config. I have 1 ASA as an entry point to our network with L2L's and remote access vpns. Right now all of the remote access vpns have 1 global address pool. I'd like to break them down into seperate address pools for various users and their departments. my question is can i assign an address pool ex - to the remote access vpn when i have that network on another router on my network? The DHCP range for that network is I tested it out and it seems to work but it seems like there would be a routing issue.

Cisco Employee

Re: ASA remote access VPN IP assignment


While, it is possible to assign IP Addresses for the VPN RA Users from your internal subnet, it is not recommended. The reason being due to ARP, Proxy ARP, Routing, NONAT, ACL, etc and also makes troubleshooting hard. Also, depending upon your set up, it is easy to track usage, netflow statistic, etc.

Most of the times, in this forum as well as others, you will always see the recommendation is to use a different range of ip addresses other than your internal subnet. And if I were you, that is what I would do.



*Pls rate all helpful posts*

New Member

Re: ASA remote access VPN IP assignment

Good advice. Currently that is how it is set up. may consider redesigning it.

CreatePlease to create content