cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
238
Views
0
Helpful
2
Replies

*** 3002 hardware client to ASA5510 ***

schm196
Level 1
Level 1

I am a self-taught yet reasonably experienced administrator of the software client-to-3005 concentrator VPN scenario. Some of the concepts, though, have me stuck when trying to apply things in the 3002-to-5510 environment: I have successfully configured the 5510 and a 3002 to connect to each other and establish a VPN tunnel. A software client would now have an overriding VPN tunnel private IP address assigned to the client machine it is running on, which will be used for all tunneled traffic. The 3002, however, actually has a private hardware interface that I thought I already need to configure with an applicable private IP address of the network it is residing on. Did the ASA now assign an additional private tunnel VPN address to this 3002? (It is configured like my old 3005 to use a local address pool for client DHCP assignments.) What good does this do for my client that sits (untunneled) on the private network behind the 3002? Do I have to add a static route to point traffic for the network behind the 5510 to the 3002? If so, to the physical private IP or to the assigned tunnel IP? What if that tunnel IP changes later due to DHCP? I'm sure this sounds funny to an expert but I am drawing a blank here as to how this is supposed to work. ;-) Enlighten me, please!

2 Replies 2

kaachary
Cisco Employee
Cisco Employee

Thought you already got the answer in prev post :-)

-Kanishka

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: