ASA VPN Public IPs

Mokhalil82
Level 4

Hi

If I have a public IP subnet of /24, when configuring remote access VPNs, can VPNs from different customers use different IPs from the public range although only one IP is assigned to the outside interface, or do they all have to terminate on the outside interface?

 

Thanks


Marvin Rhoads
Hall of Fame

They all have to terminate on the interface IP address.

We use connection profiles (that's the ASDM term - they are known as tunnel-groups in the cli) to distinguish among groups needing differentiated levels of access based on their identity or group membership.

You can choose not to publish the profiles in your dropdown list and instead assign the customers unique hidden URLs to drop them straight into their designated connection profile.

Hi Marvin

So I will be configuring the VPNs using ASDM for many customers, each assigned a different pool of addresses.

What I am also trying to understand is whether multiple connection profiles can be assigned to a single tunnel group. And are both the connection profile and group policy required?

I'll probably search for a tutorial just to get an understanding of how the pieces fit together.

Thanks

I edited my earlier reply a bit for clarity and correctness. Connection profile and tunnel-group are different terms used in ASDM and cli respectively - they both mean the same thing.

Every remote access SSL VPN connection needs to have at least a connection profile and associated group policy. A group policy can be used by any number of connection profiles.

The configuration guide does a decent job of explaining them. Link.

I refer back to my class materials from the old Cisco CCNP Security VPN training as it can be a bit confusing from just the content of the configuration guide. The old official certification guide for that may still be available as they haven't published a new one for the SIMOS exam.
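How the pieces discussed in this thread fit together on the ASA CLI, as an added example that is not part of the original posts: two customers, each with its own address pool, group policy and tunnel-group (connection profile), reached through a per-customer group URL while the profile dropdown stays disabled. All names, the hostname and the address ranges are constructed; authentication and client image settings are omitted and assumed to be configured separately.

```cisco
! Constructed example: names, hostname and ranges are placeholders.
! Both group URLs resolve to the single outside interface address.

! One address pool per customer
ip local pool CUSTA-POOL 10.10.1.10-10.10.1.250 mask 255.255.255.0
ip local pool CUSTB-POOL 10.10.2.10-10.10.2.250 mask 255.255.255.0

! One group policy per customer (a group policy may also be
! shared by several connection profiles)
group-policy CUSTA-GP internal
group-policy CUSTA-GP attributes
 vpn-tunnel-protocol ssl-client
group-policy CUSTB-GP internal
group-policy CUSTB-GP attributes
 vpn-tunnel-protocol ssl-client

! Tunnel-group = connection profile in ASDM.
! Each one ties together a pool, a group policy and a group URL.
tunnel-group CUSTA type remote-access
tunnel-group CUSTA general-attributes
 address-pool CUSTA-POOL
 default-group-policy CUSTA-GP
tunnel-group CUSTA webvpn-attributes
 group-url https://vpn.example.com/custa enable

tunnel-group CUSTB type remote-access
tunnel-group CUSTB general-attributes
 address-pool CUSTB-POOL
 default-group-policy CUSTB-GP
tunnel-group CUSTB webvpn-attributes
 group-url https://vpn.example.com/custb enable

! SSL VPN terminates on the outside interface; do not publish the
! list of connection profiles in the login dropdown
webvpn
 enable outside
 no tunnel-group-list enable
```

With the dropdown disabled, a user who connects to a customer's group URL lands directly in that customer's tunnel-group; `show running-config tunnel-group` lists each profile with its pool and default group policy for review.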

That clears up quite a bit for me. Usually I'm looking at different sources and it gets slightly confusing. But that's a great help, thanks Marvin.
