Solved

Cisco VPN question

Posted on 2009-07-15
Last Modified: 2012-05-07
I am setting up an ASA 5510 with five interfaces. Each interface is being used for something (3 ISP connections and an internal connection). There is also the management interface.

I want to create a VPN group to allow users to VPN into the internal network, but I am not sure what address range to assign them. Typically, one of the interfaces is given an address and I configure a pool from there, but in this case, pretty much everything is taken except the management range (192.168.0.x).

Can anyone give me an idea of how I should proceed with this?
0
Question by:AsenathWaite

Expert Comment

by:2PiFL
If you use /24 then you can use the 192.168.x.y range of addresses.

i.e.
192.168.1.0 - dmz1
192.168.2.0 - dmz2
192.168.3.0 - vpn
0
 

Expert Comment

by:clonga13
Usually you would assign IP addresses from the internal network, either a specified pool or point it to a DHCP server. You can also create a separate range of IP addresses that aren't being used anywhere and assign them from there. As long as your internal routing is working, it should point back to the VPN tunnel on the PIX.
0
 

Author Comment

by:AsenathWaite
So if the management interface is 192.168.1.1 (the default), could I set up a VPN pool on the router

192.168.2.1 - 192.168.2.10

and add a route from the internal network to that range, even though there is no "physical" interface associated with that range of addresses? On a router, I would just configure a loopback interface--but that is not an option on the ASA.
0
 

Accepted Solution

by:clonga13 (earned 125 total points)
Yep. You don't even need the loopback address. As long as there is some route pointing your 192.168.2.1 - 10 addresses to the ASA you should be fine. To make things easier, you should use something with a subnet mask to make your routes easier. 192.168.2.0 255.255.255.240 for example would give you 14 addresses and make it easy to create a static route if needed.
0
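
A pre-deployment check for the pool discussed in the accepted answer, added here as an example and not part of the original thread: it confirms the pool subnet is aligned to its mask, does not overlap any network already in use on the firewall, and then produces the ASA pool line and the static route for the internal router. The inside network 10.0.0.0/24, the ASA inside address 10.0.0.1, the /24 mask on the management network and the pool name VPN-POOL are assumptions made for the example.

```python
import ipaddress

# Constructed inventory: management follows the thread's 192.168.1.1 (a /24 is
# assumed); the inside network is a placeholder, not a value from the thread.
IN_USE = {"management": "192.168.1.0/24", "inside": "10.0.0.0/24"}


def plan_vpn_pool(subnet, first, last, in_use, asa_inside_ip, pool_name="VPN-POOL"):
    """Validate a VPN pool and return the ASA pool line and the inside route."""
    # Strict parsing rejects a "subnet" with host bits set, e.g. 192.168.2.1/28.
    net = ipaddress.ip_network(subnet, strict=True)
    for name, cidr in in_use.items():
        if net.overlaps(ipaddress.ip_network(cidr)):
            raise ValueError(f"{net} overlaps {name} ({cidr})")
    hosts = list(net.hosts())
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if not (hosts[0] <= lo <= hi <= hosts[-1]):
        raise ValueError(f"{lo}-{hi} is not inside the usable range of {net}")
    return {
        "usable": len(hosts),
        # ASA side: addresses handed out to VPN clients.
        "asa_pool": f"ip local pool {pool_name} {lo}-{hi} mask {net.netmask}",
        # Internal router side (IOS syntax): return path to the pool via the ASA.
        "inside_route": f"ip route {net.network_address} {net.netmask} {asa_inside_ip}",
    }


if __name__ == "__main__":
    plan = plan_vpn_pool("192.168.2.0/28", "192.168.2.1", "192.168.2.10",
                         IN_USE, "10.0.0.1")
    for key, value in plan.items():
        print(f"{key}: {value}")
```
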
