cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11148
Views
3
Helpful
5
Replies

ip local pool - what is this

tedlandrum
Level 1
Level 1

Can someone tell me what he config line "ip local pool LE 172.17.2.1 -172.17.2.100 mask 255.255.255.0" is for. This is in the config for two ASA 5505's and I do not know what they are for.  What does "ip local pool" do in the config?

5 Replies 5

Antonio Knox
Level 7
Level 7

It defines a pool of ip addresses that can be assigned to VPN remote access users.  See:

http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/i3_72.html#wp1728921

Please rate if helpful.

tedlandrum
Level 1
Level 1

Antonio,

Thank you for your quick reply.  This config line was on a PIX 501.  The person who is doing the config for my ASA 5505 has added to both devices. (By both I mean the two locations that we are VPN between) When I was using the PIX for the VPN it was only on one PIX. Is there any problem if it is on both ASA 5505s?

You can use the command on both ends, but I'm wondering what type of VPN are you running between the sites, is it a site-to-site tunnel?  I'm asking because I'm wondering why you are using the pool on both ASAs.

We are trying to run a site-to-site VPN.  We have had one running using two pix 501s.  But I need to change to the ASA 5505 to use main mode ike. We attempted the ASA connections this morning and it failed.  The man who did the config is going to look at it tomorrow morning.  In the mean time I have been looking at the configs for both locations to see it I can find anything.  I found that the ip local pool was only on one of the PIX 501s, but it was on both of the ASA 5505s.  I was not sure what the command did, and was looking into the need for it.

Thanks for the update.  In a site-to-site VPN configuration, there should be no need for 'ip local pool' configurations.  There are no remote access users to assign ip addresses to.  I would ask the firewall tech if those configs are really necessary.  I would think he'll remove them, as there is no use for it besides making the configuration look confusing.

Hope that helps.

Review Cisco Networking for a $25 gift card