09-15-2015 11:59 AM - edited 03-11-2019 11:36 PM
Hi
If I have a public IP subnet of /24, when configuring remote access VPNs, can VPNs from different customers use different IPs from the public range although only one IP is assigned to the outside interface, or do they all have to terminate on the outside interface?
Thanks
09-16-2015 02:15 AM
They all have to terminate on the interface IP address.
We use connection profiles (that's the ASDM term - they are known as tunnel-groups in the CLI) to distinguish among groups needing differentiated levels of access based on their identity or group membership.
You can choose not to publish the profiles in your dropdown list and instead assign the customers unique hidden URLs to drop them straight into their designated connection profile.
09-16-2015 02:15 AM
Hi Marvin
So I will be configuring the VPNs using ASDM for many customers, each assigned a different pool of addresses.
What I am also trying to understand is: can multiple connection profiles be assigned to a single tunnel group? And are both the connection profile and group policy required?
I'll probably search for a tutorial just to get an understanding of how the pieces fit together.
Thanks
09-16-2015 12:47 PM
I edited my earlier reply a bit for clarity and correctness. Connection profile and tunnel-group are different terms used in ASDM and CLI respectively - they both mean the same thing.
Every remote access SSL VPN connection needs to have at least a connection profile and associated group policy. A group policy can be used by any number of connection profiles.
The configuration guide does a decent job of explaining them. Link.
I refer back to my class materials from the old Cisco CCNP Security VPN training as it can be a bit confusing from just the content of the configuration guide. The old official certification guide for that may still be available as they haven't published a new one for the SIMOS exam.
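How the pieces described in these replies fit together in the ASA CLI, as an added example that is not part of the original posts. The customer names, address pools and the vpn.example.com host are placeholders chosen for illustration.

```cisco
! Constructed example: customer names, pools and URL host are placeholders.
! Every session terminates on the single outside interface address.
webvpn
 enable outside
 ! Keep the connection profile dropdown off the login page
 no tunnel-group-list enable
!
! One address pool per customer
ip local pool POOL-CUSTA 10.10.1.10-10.10.1.250 mask 255.255.255.0
ip local pool POOL-CUSTB 10.10.2.10-10.10.2.250 mask 255.255.255.0
!
! Group policies; group-lock ties each policy to its own tunnel-group
group-policy GP-CUSTA internal
group-policy GP-CUSTA attributes
 vpn-tunnel-protocol ssl-client
 group-lock value CUSTA
group-policy GP-CUSTB internal
group-policy GP-CUSTB attributes
 vpn-tunnel-protocol ssl-client
 group-lock value CUSTB
!
! Connection profile (tunnel-group) for customer A
tunnel-group CUSTA type remote-access
tunnel-group CUSTA general-attributes
 address-pool POOL-CUSTA
 default-group-policy GP-CUSTA
tunnel-group CUSTA webvpn-attributes
 ! Unpublished URL that drops the user straight into this profile
 group-url https://vpn.example.com/custa enable
!
! Connection profile (tunnel-group) for customer B
tunnel-group CUSTB type remote-access
tunnel-group CUSTB general-attributes
 address-pool POOL-CUSTB
 default-group-policy GP-CUSTB
tunnel-group CUSTB webvpn-attributes
 group-url https://vpn.example.com/custb enable
```

The group-url only selects the connection profile; authentication and the group policy still decide what the user can reach. With group-lock set, a user whose policy is GP-CUSTA is refused if they connect through any tunnel-group other than CUSTA.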
09-17-2015 12:35 AM
That clears up quite a bit for me. Usually I'm looking at different sources and it gets slightly confusing. But that's a great help, thanks Marvin.