ASA VPN Pool DHCP

angelo.batista

Good afternoon people.

I am configuring a VPN remote access in ASAv. In the DHCP pool configuration I am trying to place a /16 pool; however, it presents the error that it does not support it. What would be the best practice for configuring a DHCP pool in ASAv or ASA in general?

2 Accepted Solutions


Hi @angelo.batista 

What was the exact error? Can you provide a screenshot?

You should scale your RAVPN IP Pool to provide as many IP addresses as the hardware/software can scale to.

You can also create multiple IP Pools if required; these can be assigned either via the group-policy or via RADIUS.

HTH

Ah ok, looks like you can only add 16384 IP addresses per pool.

In ISE (or another RADIUS server) you can configure an authorization profile with "Advanced Attribute Settings" -> Class = ou=<GROUP-POLICY-NAME>, where <GROUP-POLICY-NAME> is the group-policy name configured on the ASA. Under this group policy you can define the VPN Pool. You can authorise users depending on AD group membership, and therefore utilise multiple VPN Pools. There is a RADIUS AVP just for VPN Pool which I haven't yet re-found; let me know if you want me to find it for you.

Alternatively you could use DHCP. When you authorise the users, return the attribute value pair as below; the subnet in the example is used to define which DHCP scope to use.

[Image: Untitled.png]

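An added sketch, not part of the original posts and not Cisco's code, of the approach in the two answers above: split the requested /16 into subnets that fit the 16384-address per-pool limit and bind the resulting pools to one group-policy. The network `10.50.0.0/16`, the pool names and the group-policy name `GP-RAVPN` are hypothetical, the group-policy is assumed to exist already, and the six-pool cap reflects the ASA `address-pools value` command.

```python
import ipaddress

MAX_POOL_ADDRESSES = 16384       # per-pool limit quoted in the thread
MAX_POOLS_PER_GROUP_POLICY = 6   # address-pools accepts up to six pool names


def split_into_pools(cidr, max_addresses=MAX_POOL_ADDRESSES):
    """Return the fewest equal-sized subnets of cidr that each fit one pool."""
    net = ipaddress.IPv4Network(cidr, strict=True)
    prefix = net.prefixlen
    while 2 ** (32 - prefix) > max_addresses:
        prefix += 1
    if prefix > 30:
        raise ValueError("subnet too small to leave usable host addresses")
    return list(net.subnets(new_prefix=prefix))


def asa_pool_config(cidr, pool_prefix="RAVPN-POOL", group_policy="GP-RAVPN"):
    """Build ASA CLI lines: one 'ip local pool' per subnet, bound to one group-policy."""
    subnets = split_into_pools(cidr)
    if len(subnets) > MAX_POOLS_PER_GROUP_POLICY:
        raise ValueError(
            f"{len(subnets)} pools needed; spread them over several group-policies"
        )
    names, lines = [], []
    for i, sub in enumerate(subnets, start=1):
        name = f"{pool_prefix}-{i}"  # hypothetical pool name
        # Leave out each subnet's network and broadcast address.
        first, last = sub.network_address + 1, sub.broadcast_address - 1
        lines.append(f"ip local pool {name} {first}-{last} mask {sub.netmask}")
        names.append(name)
    lines.append(f"group-policy {group_policy} attributes")
    lines.append(" address-pools value " + " ".join(names))
    return lines


if __name__ == "__main__":
    # Constructed sample input: a /16 becomes four /18 pools.
    print("\n".join(asa_pool_config("10.50.0.0/16")))
```

Giving each AD group its own group-policy and pool, as the second answer suggests, also lets downstream firewall rules distinguish user groups by source subnet.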

3 Replies

Thanks so much.

Do you have any documents about RADIUS Assigned support?

wait
