• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 285
  • Last Modified:

Cisco VPN question

I am setting up an ASA 5510 with five interfaces. Each interface is being used for something (3 ISP connections and an internal connection). There is also the management interface.

I want to create a VPN group to allow users to VPN into the internal network, but I am not sure what address range to assign them. Typically, one of the interfaces is given an address and I configure a pool from there, but in this case, pretty much everything is taken accept the managment range (192.168.0.x).

Can anyone give me an idea of how I should proceed with this?
  • 2
1 Solution
If you use /24 then you can use the 192.168.x.y range of addresses.

i.e. - dmz1 - dmz2 - vpn
Usually you would assign IP addresses from the internal network, either a specified pool or point it to a DHCP server. You can also create a seperate range of IP addresses that aren't being used anywhere and assign them from there. As long as your internal routing is working, it should point back to the VPN tunnel on the PIX.
AsenathWaiteAuthor Commented:
So if the management interface is (the default), could I set up a VPN pool on the router -

and add a route from the internal network to that range, even though there is no "physical" interface associated with that range of addresses. On a router, I would just configure a loopback interaface--but that is not an option on the ASA
Yep. You don't even need the loopback address. As long as there is some route pointing your - 10 addresses to the ASA you should be fine. To make things easier, you should use something with a subnet mask to make your routes easier. for example would give you 14 addresses and make it easy to create a static route if needed.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now