
Cisco VPN client on ASA

mikedelafield
Level 1

I understand the basics of setting up VPN client on PIX or ASA, but could someone tell me how the pool addresses (i.e. 192.168.1.x) then interact with, say, the LAN addresses behind the firewall (i.e. 10.1.1.x)?

I assume the firewall takes care of all the routing between the distinct networks? I'm just not sure which part of the config would relate to this?

3 Replies

tomek0001
Level 4

The pool address should be distinct from the LAN but routable from it. On the ASA 8.0 you don't even have to configure a loopback address (in IOS you have to).

For example, if you use 192.168.1.x/24 on the inside, create a new subnet 192.168.3.x/24 just for the VPN pool and make sure that you advertise that network from the firewall or router connected to it so internal nodes can access it.

Hope that helps.

If the ASA was also the default gateway for any internal nodes, I assume they would be able to route back to the VPN pool anyway, as they default gateway-ed through the ASA?

Yes, you are correct. Think of this as another network that is attached to that ASA but it's attached virtually.
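The two conditions discussed in this thread (the pool is distinct from the inside LAN, and internal nodes send pool-bound traffic back through the ASA) can be checked offline with a short script. This is an added example, not part of the original posts or any Cisco tooling; the ASA inside address 192.168.1.1, the node names and the routing tables are constructed sample data, and only the first hop from each node is checked.

```python
import ipaddress

def check_pool(pool, inside_nets):
    """Return the inside subnets that overlap the VPN pool (should be empty)."""
    pool_net = ipaddress.ip_network(pool)
    return [n for n in inside_nets if ipaddress.ip_network(n).overlaps(pool_net)]

def next_hop_for(dest_net, routes):
    """Longest-prefix match: the next hop a node uses to reach dest_net, or None."""
    dest = ipaddress.ip_network(dest_net)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if dest.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def return_path_report(pool, asa_inside_ip, nodes):
    """Map each node to True if its first hop toward the pool is the ASA."""
    return {name: next_hop_for(pool, routes) == asa_inside_ip
            for name, routes in nodes.items()}

# Constructed sample data (assumptions, not taken from a real configuration).
INSIDE = ["192.168.1.0/24"]   # inside LAN from the reply's example
POOL = "192.168.3.0/24"       # dedicated VPN pool from the reply's example
ASA = "192.168.1.1"           # hypothetical ASA inside interface address
NODES = {
    # ASA is the default gateway: replies to VPN clients return via the ASA.
    "pc-default-gw-asa": [("0.0.0.0/0", "192.168.1.1")],
    # Another default gateway and no pool route: first hop is not the ASA.
    "server-other-gw": [("0.0.0.0/0", "192.168.1.254")],
    # Same server once the pool network is advertised or statically routed.
    "server-other-gw-fixed": [("0.0.0.0/0", "192.168.1.254"),
                              ("192.168.3.0/24", "192.168.1.1")],
}

if __name__ == "__main__":
    print("overlapping inside subnets:", check_pool(POOL, INSIDE))
    for node, ok in return_path_report(POOL, ASA, NODES).items():
        print(f"{node}: return path via ASA = {ok}")
```

For a node whose first hop is another router, run the same check against that router's routing table to confirm it forwards the pool network to the ASA.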
