Using VPN tunneling and DHCP with an ASA

jzei · ‎06-16-2014

We have a customer who needs access to physical devices on our network. Currently they have their own ASA on a DSL circuit providing DHCP to devices we have vlan'd on our core switch. We would like to remove their ASA and DSL having them connect via a point to point tunnel over our Internet pipe to our ASA. Our customer needs to use 192. addresses while our network is not 192. We would like our ASA to provide 192. addresses for their tunnel. Is this possible?

Thanks

Marvin Rhoads · ‎06-16-2014

Yes - there are a couple of approaches you could use.

1. You could put them all on a separate VLAN and have it use 192.x.x.x addresses with your ASA as the DHCP server. The VLAN could connect to your ASA using a dedicated physical interface or a logical subinterface on a trunk port.

2. You could setup NAT with the VPN so that your devices use your assigned and configured IP addressing and translate to the 192.x.x.x. addresses they know and expect when communicating across the VPN. This can be a bit confusing when troubleshooting since they will not know they are talking to any address other than the one they have been using. Depending on the application, this can sometime cause issues in cases where the application embeds the endpoint IP address in the process.

jzei · ‎06-16-2014

Thanks Marvin. This is helpful knowing the ASA is capable of what we're trying to do.

Marvin Rhoads · ‎06-16-2014

You're welcome.

Please rate helpful answers and mark your question as answered if it has been.