Anyconnect VPN Pool Recommended size

Martin Swann
Level 1

Hi There, 

 I have recently installed a 2140 FPR Device running ASA Code to increase our VPN Client base.

 

 In setting up the DHCP Clients pools leases I have been allocated a /20, 4096 Devices to use from our allocation dept.

 

 I have looked all over and cannot see a recommended pool size for the clients using 'Anyconnect Profiles' and wondered what the /20 allocated to me should be split into for optimal use as a client pool and make the client experience as nice as possible.

 

We use the local IP Address Assignment option on the ASA.

 

Making maybe 8 /23 Pools, rather than 1x /20. Or would this not be an issue for Anyconnect Clients?

 

Many thanks

martin

 

Accepted Solutions

Hi,

You can make the DHCP Pool for the VPN clients as large as you like, as there is no issue with having a larger broadcast domain for VPN clients; that only applies on a LAN.

 

So it's up to you really, you could just create 1 x DHCP scope for the /20, however you might wish to have a couple of smaller scopes for special use cases such as contractors.

 

HTH

Thanks so much for responding, and confirming.

danmassa
Level 1

FYI:
We have four ASA firewalls running 9.18(4)24 and we have no problem with /20 sized pools.  Of course, we don't run them past 50% utilization so that if one or two ASA fails, and all the users swing over to the remaining ASAs, the pools are large enough to handle it.

We are considering expanding the pools to /19.  Still don't see any foreseeable problems.  We're doing that so that, even if three ASAs fail, the one remaining ASA can handle the entire load and have a large enough pool.
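
The failover headroom reasoning in this thread (pools kept at or below 50% so surviving ASAs can absorb the users of failed ones) and the /20 versus 8 x /23 split from the question can be checked with a short calculation. This is an added example, not code from any poster or from Cisco; it assumes sessions spread evenly across surviving gateways, one address per session, every address in a prefix is assignable, and uses a constructed 10.64.0.0/20 range and session count.

```python
import ipaddress
import math

def pool_capacity(prefix_len):
    # Assumption: every address in the prefix is assignable to a client.
    return 2 ** (32 - prefix_len)

def max_tolerated_failures(total_sessions, gateways, prefix_len):
    """Largest number of failed gateways for which each survivor's pool still fits its share.

    Assumes sessions spread evenly over the surviving gateways and each
    gateway has its own pool of size /prefix_len. Returns -1 if the pools
    are too small even with every gateway up.
    """
    capacity = pool_capacity(prefix_len)
    tolerated = -1
    for failed in range(gateways):  # at least one gateway must survive
        per_survivor = math.ceil(total_sessions / (gateways - failed))
        if per_survivor > capacity:
            break
        tolerated = failed
    return tolerated

def split_pool(cidr, new_prefix):
    """Split an allocation into equal sub-pools as (first, last, size) tuples."""
    parent = ipaddress.ip_network(cidr)
    return [(str(n[0]), str(n[-1]), n.num_addresses)
            for n in parent.subnets(new_prefix=new_prefix)]

if __name__ == "__main__":
    # Constructed load: four gateways, each at 50% of a /20 pool.
    peak = 4 * pool_capacity(20) // 2
    for prefix in (20, 19):
        print(f"/{prefix} pools survive {max_tolerated_failures(peak, 4, prefix)} failure(s)")
    # Constructed range: the 8 x /23 split asked about in the question.
    for first, last, size in split_pool("10.64.0.0/20", 23):
        print(f"{first}-{last} ({size} addresses)")
```

Under these assumptions the /20 case has no spare addresses left after two failures, which is why measuring real peak concurrent sessions matters before relying on the 50% figure.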