03-31-2008 09:07 AM - edited 02-21-2020 01:57 AM
I need to add a new ip address pool to the VPN concentrator 3015 since we are running out of ip addresses defined in the existent ip address pool.
its configuration is as follows:
[ipaddrpool 1]
rowstatus=1
rangename=
startaddr=172.16.3.6
endaddr=172.16.3.101
mask=255.255.255.128
here is the private ip address of the VPN concentrator:
[ip 1]
enable=1
address=172.16.3.2
mask=255.255.255.128
here is the Tunnel Default Gateway configuration:
[ipglobals]
deftunnelgateway=172.16.3.1
rtrDiscEnable=2
natEnable=2
natTunnelEnable=2
syncall=1
locDefGwPref=1
redistClients=2
redistNetExt=2
synCookies=1
VPN 3015 is configured to assign ip addresses through IP address pools only!
If I add the following address pool
start address: 17.16.3.225
end address: 17.6.3.254
subnet mask: 255.255.255.224
Will it work given that the new ip address pool is not on the same vlan (different subnet) as the private interface of the VPN concentrator? If yes, what additional configuration changes are necessary to make this work?
I do not how to set up the default gateway for the new address pool? Please advise.
Many thanks in advance
04-04-2008 09:34 AM
If the address pool is for the remote vpn client users then make sure that they get the IP's in the same range as the internal network they want to access. Following links may help you
http://www.cisco.com/en/US/docs/security/asa/asa80/getting_started/asa5505/quick/guide/rem_acc.html
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml
04-07-2008 05:45 AM
Thanks for your reply.
However, I have successfully added the IP address pool as for the configuration described in my first post.
I was afraid that it would not have worked as the new address pool was in a different subnet from the subnet of the physical interface of the VPN concentrator and that of the VPN Tunnel default gateway.
We have added the IP static route on core switches and firewalls to route the traffic to the new IP address pool, the default gateway being the VPN concentrator's (internal)IP address and it has worked!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide