Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cisco asa 5510 VPN Ips

Posted on 2006-07-14
2
Medium Priority
?
306 Views
Last Modified: 2013-11-16
Hello, I have a cisco VPN and I'm trying to figure out the VPN settings.
I have the inside interface 192.168.20.0/16

When I set the VPN, Do I have to give the VPN users IPs from the same range or can I just give them any IP and the firewall will create the routes.
When we were using the CYberguard VPN the clients used to get ips from an very rare range 20.20.20.0/24 ..........This way they will never have problems when they connect to the vpn server and the local lan that they are connecting from  is on the same range as our network.

0
Comment
Question by:quippee
2 Comments
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 2000 total points
ID: 17107902
Cisco recommends that the VPN users IP subnet be on a different subnet than that of the internal network to avoid any routing issues.The ASA will automatically take care of routing for the VPN IP subnet. If the internal network's default gateway is pointed to the ASA inside interface, then you have nothing to worry about. Most of the time when the VPN user's subnet is on the same subnet as that of the internal network, the VPN users are not able to pass any traffic.
0
 

Author Comment

by:quippee
ID: 17108351
Yup. I tried it again and it works.....I have different IPs for the VPN users and they are able to connect to the network......I havent enable split tunneling so they should have access to the internet through the VPN but is not working......DNS resolutino is working OK.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question