Anyconnect VPN clients on the same network as the local network or not

This may be a simple question for experts, but I'd love to have a better understanding of how the network setup between an SSL VPN client and the internal network works.
If an SSL VPN AnyConnect client is assigned by DHCP (configured on an ASA) an IP address in a subnet different from the internal network (let's say Internal: 192.168.1.0/24, VPN_pool 192.168.10.0/24), do I need to configure some static route in the ASA (...or in an L3 switch where the internal network is connected) in order to have the two networks see each other, or not? Would it be different for an IPsec client instead?


thank you for your help....
ggRM7865Asked:
ggRM7865Author Commented:
wow...I thought the question was pretty simple..
0
ggRM7865Author Commented:
I can reformulate the question as:
AnyConnect clients should or should not be in the same subnet as the internal hosts ???
0
David Johnson, CD, MVPOwnerCommented:
they should be in the same subnet for ease of use
0
ggRM7865Author Commented:
?
0
David Johnson, CD, MVPOwnerCommented:
If they are not in the same subnet then you have visibility issues, gateway issues, and so forth.
0
eeRootCommented:
It depends on whether the subnets/VLANs are defined on your firewall's interface, or on an inside router or layer-3 switch. If the firewall is not aware of the subnet, it would need a route defined, or a route advertised by a neighboring router. So the answer is, it depends on the network topology.
0
ggRM7865Author Commented:
So if I make an L3 switch in charge of my inter-VLAN routing and I have the inside interface of my ASA 5515 directly connected to a VLAN_int (192.168.1.0/24) where my internal high security network is:
ASA inside: 192.168.1.30/24
VLAN_int interface: 192.168.1.1/24
VPN_pool: 192.168.100.50 - 192.168.100.100/24
If the internal servers/PCs use the VLAN_int interface's IP address as gateway (I want the L3 switch to do the inter-VLAN routing), do I need to specify any static routes in the L3 switch to have a VPN SSL client see the VLAN_int network? Or do you suggest a better configuration?

thank you for your help!
0
ggRM7865Author Commented:
And the answer is: in the L3 switch I needed a default route to the ASA inside interface...

thank you
0
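The return-path problem resolved above, traced as an added example (not part of the original thread and not Cisco configuration). It models the internal host's and the L3 switch's routing tables with the addresses from the thread. The pool-only static route is an assumption added for comparison, and `route`, `lookup` and `reply_path` are hypothetical helper names.

```python
import ipaddress

ASA_INSIDE = "192.168.1.30"   # ASA inside interface (from the thread)
SWITCH_SVI = "192.168.1.1"    # VLAN_int interface, the hosts' gateway (from the thread)
CONNECTED = "connected"

def route(prefix, next_hop):
    return (ipaddress.ip_network(prefix), next_hop)

def lookup(table, dst):
    """Longest-prefix match; returns the next hop, or None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Internal server/PC: on-link /24 plus default gateway = the L3 switch.
HOST_TABLE = [route("192.168.1.0/24", CONNECTED), route("0.0.0.0/0", SWITCH_SVI)]
# L3 switch before the fix: only its connected VLAN (other VLANs omitted).
SWITCH_BEFORE = [route("192.168.1.0/24", CONNECTED)]
# After the fix described in the thread: default route to the ASA inside interface.
SWITCH_DEFAULT = SWITCH_BEFORE + [route("0.0.0.0/0", ASA_INSIDE)]
# Alternative (assumption, not from the thread): a static route for the pool only.
SWITCH_STATIC = SWITCH_BEFORE + [route("192.168.100.0/24", ASA_INSIDE)]

def reply_path(switch_table, vpn_client):
    """Trace a reply from an internal host back to a VPN client address."""
    hop = lookup(HOST_TABLE, vpn_client)
    if hop == CONNECTED:
        return ["host", "on-link delivery"]
    path = ["host", f"switch {hop}"]
    hop = lookup(switch_table, vpn_client)
    if hop is None:
        return path + ["dropped: switch has no route"]
    if hop == CONNECTED:
        return path + ["on-link delivery"]
    return path + [f"next hop {hop}"]

if __name__ == "__main__":
    client = "192.168.100.50"  # first address of VPN_pool in the thread
    for name, table in [("before", SWITCH_BEFORE),
                        ("default route", SWITCH_DEFAULT),
                        ("pool static route", SWITCH_STATIC)]:
        print(f"{name:18} {' -> '.join(reply_path(table, client))}")
```

The forward direction is not the issue here: 192.168.1.0/24 is directly connected on the ASA inside interface, so only the reply from the host depends on the switch's routing table.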

ggRM7865Author Commented:
..because none gave the answer of the question I was asking.
0