cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
635
Views
0
Helpful
3
Replies

ASA with base license-VPN Remote Access

yesenia-m
Level 1
Level 1

Hello

We have ASA with base license, I can only have 2 vlan and a DMZ, these interfaces are already occupied, is required to have a remote access VPN, the VPN settings these remote clients must have a different address, my question is that whether the limitation of the vlan we can do?

Thank you

Regards

3 Replies 3

Jouni Forss
VIP Alumni
VIP Alumni

Hi,

I am not sure if I understand you fully.

But it seems to me that you think you need another Vlan interface for the VPN? This is not the case. The VPN connection will be formed to the Vlan interface with the connection to the external network. The VPN Clients will get IP addresses from a VPN address pool. These addresses will be visible in the routing table of the ASA from behind the external interface where they connected from.

With the Base License only your users can have 2 AnyConnect VPN Client or Clientless VPN connections. If you use the old IPsec VPN Client then you will be able to have 10 concurrent VPN Client connections.

- Jouni

Hi Jouni

This address can be an IP address pool within the inside network or IP addresses must be different?

Regards

Hi,

Some people use IP addresses that are part of the LAN subnet.

I personally avoid this and configure the VPN Pool with different subnet than any of the local networks.

- Jouni

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: