Solved

Cisco VPN question

Posted on 2009-07-15
Last Modified: 2012-05-07
I am setting up an ASA 5510 with five interfaces. Each interface is being used for something (3 ISP connections and an internal connection). There is also the management interface.

I want to create a VPN group to allow users to VPN into the internal network, but I am not sure what address range to assign them. Typically, one of the interfaces is given an address and I configure a pool from there, but in this case, pretty much everything is taken except the management range (192.168.0.x).

Can anyone give me an idea of how I should proceed with this?
Question by:AsenathWaite
4 Comments
 
LVL 16

Expert Comment

by:2PiFL
ID: 24860430
If you use /24 then you can use the 192.168.x.y range of addresses.

i.e.
192.168.1.0 - dmz1
192.168.2.0 - dmz2
192.168.3.0 - vpn
0
 
LVL 7

Expert Comment

by:clonga13
ID: 24860956
Usually you would assign IP addresses from the internal network, either a specified pool or point it to a DHCP server. You can also create a separate range of IP addresses that aren't being used anywhere and assign them from there. As long as your internal routing is working, it should point back to the VPN tunnel on the PIX.
0
 

Author Comment

by:AsenathWaite
ID: 24861115
So if the management interface is 192.168.1.1 (the default), could I set up a VPN pool on the router

192.168.2.1 - 192.168.2.10

and add a route from the internal network to that range, even though there is no "physical" interface associated with that range of addresses? On a router, I would just configure a loopback interface--but that is not an option on the ASA.
0
 
LVL 7

Accepted Solution

by:
clonga13 earned 125 total points
ID: 24861457
Yep. You don't even need the loopback address. As long as there is some route pointing your 192.168.2.1 - 10 addresses to the ASA you should be fine. To make things easier, you should use something with a subnet mask to make your routes easier. 192.168.2.0 255.255.255.240 for example would give you 14 addresses and make it easy to create a static route if needed.
0
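
The pool sizing discussed in the accepted answer, as an added example that is not part of the original thread: it shows why the asker's 192.168.2.1 - 192.168.2.10 range is awkward to route as-is and how the covering 255.255.255.240 subnet resolves that, while checking the candidate against subnets already in use. The `IN_USE` list is constructed sample data; only the 192.168.1.1 management default comes from the thread, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of subnets already bound to ASA interfaces (assumed,
# except the management default 192.168.1.1 mentioned in the thread).
IN_USE = [ipaddress.ip_network(n) for n in (
    "192.168.1.0/24",    # management
    "10.10.0.0/24",      # inside (assumed)
    "198.51.100.0/29",   # one ISP link (documentation range, assumed)
)]

def exact_routes(first, last):
    """CIDR blocks needed to route exactly first..last and nothing else."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def covering_subnet(first, last):
    """Smallest single subnet containing both ends of the range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()          # widen by one bit at a time
    return net

def plan_pool(first, last, in_use=IN_USE):
    """Return a subnet-aligned pool plan, or raise if it collides."""
    net = covering_subnet(first, last)
    clashes = [n for n in in_use if n.overlaps(net)]
    if clashes:
        raise ValueError(f"{net} overlaps in-use subnet(s): {clashes}")
    hosts = list(net.hosts())
    return {
        "subnet": net,
        "usable": len(hosts),
        "pool": (str(hosts[0]), str(hosts[-1])),
        # network + mask pair, as used in a static route toward the ASA
        "route": f"{net.network_address} {net.netmask}",
    }

if __name__ == "__main__":
    print("routes for exact range:", exact_routes("192.168.2.1", "192.168.2.10"))
    print("aligned plan:", plan_pool("192.168.2.1", "192.168.2.10"))
```

Routing the literal .1 - .10 range takes five prefixes, while the aligned subnet needs one static route and a collision with an interface subnet is caught before the pool is configured.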

Question has a verified solution.