06-16-2014 08:54 AM - edited 03-11-2019 09:20 PM
We have a customer who needs access to physical devices on our network. Currently they have their own ASA on a DSL circuit providing DHCP to devices we have vlan'd on our core switch. We would like to remove their ASA and DSL having them connect via a point to point tunnel over our Internet pipe to our ASA. Our customer needs to use 192. addresses while our network is not 192. We would like our ASA to provide 192. addresses for their tunnel. Is this possible?
Thanks
06-16-2014 09:48 AM
Yes - there are a couple of approaches you could use.
1. You could put them all on a separate VLAN and have it use 192.x.x.x addresses with your ASA as the DHCP server. The VLAN could connect to your ASA using a dedicated physical interface or a logical subinterface on a trunk port.
2. You could setup NAT with the VPN so that your devices use your assigned and configured IP addressing and translate to the 192.x.x.x. addresses they know and expect when communicating across the VPN. This can be a bit confusing when troubleshooting since they will not know they are talking to any address other than the one they have been using. Depending on the application, this can sometime cause issues in cases where the application embeds the endpoint IP address in the process.
06-16-2014 03:19 PM
Thanks Marvin. This is helpful knowing the ASA is capable of what we're trying to do.
06-16-2014 03:27 PM
You're welcome.
Please rate helpful answers and mark your question as answered if it has been.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide