
asa 5505 ipsec vpn static internal address for client

chris.drake1
Level 1

My understanding of VPNs has led me to believe that VPN clients should always be on a different subnet than the internal.

I now have a situation that requires a device to VPN in and have a specific IP on the internal LAN. How can I accomplish this?

Cisco asa505 and Cisco's regular VPN client.

1 Reply

Typically, VPN-Clients get a reserved pool of addresses that doesn't overlap with anything else. But it's perfectly fine to assign addresses out of the internal network of the ASA. That even makes routing easier as the internal infrastructure will automatically route client-traffic to the ASA (if there are internal routing-devices).

All you have to do is configure an IP-pool with addresses out of the internal network and assign that pool to your tunnel-group or group-policy and don't forget to NAT-exempt that traffic.

Make sure you document well that these addresses are reserved now and shouldn't be handed out to internal clients.
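
The steps described in the reply above, written out as an added configuration example; it is not part of the original post. Assumptions: the inside network is 192.168.1.0/24, the interfaces are named `inside` and `outside`, and the names `VPN-INSIDE-POOL`, `NONAT`, `REMOTE-VPN`, `OBJ-INSIDE` and `OBJ-VPN-POOL` are hypothetical. The NAT exemption syntax depends on the ASA software version, so both forms are shown; use only the one that matches the running release.

```cisco
! 1. Address pool carved out of the inside subnet (constructed sample range).
!    Keep this range out of the internal DHCP scope and static assignments.
ip local pool VPN-INSIDE-POOL 192.168.1.200-192.168.1.210 mask 255.255.255.0

! 2. Assign the pool to the tunnel-group the clients connect to ...
tunnel-group REMOTE-VPN general-attributes
 address-pool VPN-INSIDE-POOL

!    ... or, alternatively, to the group-policy applied to those clients:
! group-policy REMOTE-VPN-POLICY attributes
!  address-pools value VPN-INSIDE-POOL

! 3a. NAT exemption, software before 8.3 (nat 0 with an access-list).
!     192.168.1.192/27 is the smallest aligned block covering the pool.
access-list NONAT extended permit ip 192.168.1.0 255.255.255.0 192.168.1.192 255.255.255.224
nat (inside) 0 access-list NONAT

! 3b. NAT exemption, software 8.3 and later (identity twice NAT).
! object network OBJ-INSIDE
!  subnet 192.168.1.0 255.255.255.0
! object network OBJ-VPN-POOL
!  range 192.168.1.200 192.168.1.210
! nat (inside,outside) source static OBJ-INSIDE OBJ-INSIDE destination static OBJ-VPN-POOL OBJ-VPN-POOL
```

After a client connects, `show vpn-sessiondb remote` lists the address it was assigned, which can be checked against the documented reservation.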