Cisco ASA 5510 - Restrictions on IP Pools and DHCP usage
Posted on 2006-04-12
I have been trying to configure a Cisco 5510 for basic Remote Access VPN; the problem I am having is trying to get IPs assigned to remote clients. Unless I specify a range that doesn't seem to be recognized by the firewall in its building blocks, it won't allow a VPN client to connect. I am pretty sure that this is due to the firewall seeing the IP as something internal and rejecting its assignment to a VPN client (in the case of trying to use part of an unused pre-existing internal range), or it is trying to route to the IP and it's being routed back into the network instead of out the VPN interface. I am pretty sure in the past on PIXes I have been able to do this with no problem, but I may be misremembering.
This leads to my second problem: when I specify an internal DHCP server, the same behaviour is seen. I can find nothing to indicate that ACEs need to be in place to allow this per se, but I can't find anything to say otherwise.
Anyone have any suggestions on how I should handle the config? I'd prefer to use the internal DHCP server, but I am trying to determine if the ASA system needs explicit rules to allow the DHCP for VPNs or not.
I was configuring through the ASDM btw, thanks in advance for any thoughts on the matter!