multiple VPN tunnels on 1 ASA

Robin Swan · ‎08-15-2014

Hello,

Right now for a pilot project, I need to get 1 public IP to VPN into our network. We already have a VPN network setup for the Cisco Anyconnect and it has an IP Pool of Class C addresses that are allowed to connect to our resources on the Class A network.

The Public IP is on a G4 capable device, and right now, I only need to connect the device to get into our network. I would like it to be similar to our AnyConnect setup. However, do I have to map it to the existing VPN Pool, or do I make a totally different VPN pool? The pool is actually a /24, but the addresses are setup only from 64-254 which only allows simultaneous 190 clients. I'm sure that there are no more than 10-20 simultaneous connections at any given time or slightly more. But not the entire 190.

Also, do all the VPN's have to share the same isakmp policy?

Thank you in Advance.

josfonse · ‎08-15-2014

Hi, You can use the same VPN pool in multiple connection profiles or tunnel groups without any restriction, the only concern is to have enough IP addresses available. The IPSec client and the ASA will negotiate the ike parameters during the phase 1 negotiation. Just make sure you have matching ike parameters. Let me know if you need more clarification orif you have more questions.

nkarthikeyan · ‎08-15-2014

If you do not want to restrict a different things for different clinets.... then it shoud be okay.....

Regards

Karthik