Cisco VPN question

I am setting up an ASA 5510 with five interfaces. Each interface is being used for something (3 ISP connections and an internal connection). There is also the management interface.

I want to create a VPN group to allow users to VPN into the internal network, but I am not sure what address range to assign them. Typically, one of the interfaces is given an address and I configure a pool from there, but in this case, pretty much everything is taken accept the managment range (192.168.0.x).

Can anyone give me an idea of how I should proceed with this?
AsenathWaiteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

2PiFLCommented:
If you use /24 then you can use the 192.168.x.y range of addresses.

i.e.
192.168.1.0 - dmz1
192.168.2.0 - dmz2
192.168.3.0 - vpn
0
clonga13Commented:
Usually you would assign IP addresses from the internal network, either a specified pool or point it to a DHCP server. You can also create a seperate range of IP addresses that aren't being used anywhere and assign them from there. As long as your internal routing is working, it should point back to the VPN tunnel on the PIX.
0
AsenathWaiteAuthor Commented:
So if the management interface is 192.168.1.1 (the default), could I set up a VPN pool on the router

192.168.2.1 - 192.168.2.10

and add a route from the internal network to that range, even though there is no "physical" interface associated with that range of addresses. On a router, I would just configure a loopback interaface--but that is not an option on the ASA
0
clonga13Commented:
Yep. You don't even need the loopback address. As long as there is some route pointing your 192.168.2.1 - 10 addresses to the ASA you should be fine. To make things easier, you should use something with a subnet mask to make your routes easier. 192.168.2.0 255.255.255.240 for example would give you 14 addresses and make it easy to create a static route if needed.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.