I have numerous networks on my LAN, in a routed-access layer config. I have 1 ASA as an entry point to our network with L2L's and remote access vpns. Right now all of the remote access vpns have 1 global address pool. I'd like to break them down into seperate address pools for various users and their departments. my question is can i assign an address pool ex 10.0.50.20 - 10.0.50.30 to the remote access vpn when i have that network 10.0.50.1 on another router on my network? The DHCP range for that network is 10.0.50.100-254. I tested it out and it seems to work but it seems like there would be a routing issue.
While, it is possible to assign IP Addresses for the VPN RA Users from your internal subnet, it is not recommended. The reason being due to ARP, Proxy ARP, Routing, NONAT, ACL, etc and also makes troubleshooting hard. Also, depending upon your set up, it is easy to track usage, netflow statistic, etc.
Most of the times, in this forum as well as others, you will always see the recommendation is to use a different range of ip addresses other than your internal subnet. And if I were you, that is what I would do.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :