11-26-2008 08:41 AM
All,
I don't see a problem with this, but I wanted to ask your opinion. Currently, we have a local pool on our ASA that hands out 192.168.100.1 - .254. I want to extend this range, and my idea is to assign a 172.16.0.0/22. This would give me 1022 hosts.
Considering this is only for VPN, there shouldn't be any issues with changing the pool for this, correct? Or is it possible for me to add another two or three local pools for the VPN to pull from when the first pool is exhausted?
Thanks!
John
11-26-2008 08:59 AM
John,
Both the above options are valid. You can reconfigure the pool to a /22 subnet or configure multiple pools. Just make sure that you edit your NAT 0 ACL, split tunnel, and internal routing to reflect the newly configured pool.
Also, you can configure up to 6 address pools under the IPSEC Attributes.
Example:
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
 address-pool VPNPOOL-3
 address-pool VPNPOOL-4
 address-pool VPNPOOL-5
 address-pool VPNPOOL-6
Regards,
Arul
*Pls rate if it helps*
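An added example, not part of the original reply: a small Python check that reads ASA configuration text and reports which local pools are not yet covered by the NAT 0 (NAT exemption) ACL, so a newly added pool is not left out. The ACL name NONAT, the inside network 10.0.0.0/16, the pool ranges and the pre-8.3 `nat (inside) 0 access-list` form are assumptions made for the constructed sample.

```python
import ipaddress
import re

# Constructed sample config: ACL name NONAT, pool names and all addresses are assumptions.
SAMPLE_CONFIG = """\
ip local pool VPNPOOL-1 192.168.100.1-192.168.100.254 mask 255.255.255.0
ip local pool VPNPOOL-2 172.16.0.1-172.16.3.254 mask 255.255.252.0
access-list NONAT extended permit ip 10.0.0.0 255.255.0.0 192.168.100.0 255.255.255.0
nat (inside) 0 access-list NONAT
tunnel-group DefaultRAGroup general-attributes
 address-pool VPNPOOL-1
 address-pool VPNPOOL-2
"""

POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)(?: mask (\S+))?", re.M)
# Only the "network mask network mask" ACE form is handled (no "any"/"host" keywords).
ACE_RE = re.compile(r"^access-list (\S+) extended permit ip (\S+) (\S+) (\S+) (\S+)", re.M)
NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)", re.M)


def parse_pools(config):
    """Return {pool name: (first address, last address)}."""
    return {name: (ipaddress.ip_address(first), ipaddress.ip_address(last))
            for name, first, last, _mask in POOL_RE.findall(config)}


def pool_capacity(config):
    """Number of assignable addresses in each pool."""
    return {name: int(last) - int(first) + 1
            for name, (first, last) in parse_pools(config).items()}


def nat_exempt_destinations(config):
    """Destination networks of ACEs in any ACL referenced by a 'nat (...) 0' line."""
    acls = set(NAT0_RE.findall(config))
    return [ipaddress.ip_network(f"{dst}/{dmask}")
            for acl, _src, _smask, dst, dmask in ACE_RE.findall(config)
            if acl in acls]


def uncovered_pools(config):
    """Pools whose whole range is not inside any NAT-exempt destination network."""
    dests = nat_exempt_destinations(config)
    return sorted(name for name, (first, last) in parse_pools(config).items()
                  if not any(first in net and last in net for net in dests))


if __name__ == "__main__":
    print("capacity:", pool_capacity(SAMPLE_CONFIG))
    print("missing from NAT 0 ACL:", uncovered_pools(SAMPLE_CONFIG))
```

In the sample, the /22 pool holds 1022 addresses but is reported as missing until a matching NONAT entry for 172.16.0.0 255.255.252.0 is added.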