10-24-2013 08:07 AM - edited 02-21-2020 07:16 PM
Hello
We have ASA with base license, I can only have 2 vlan and a DMZ, these interfaces are already occupied, is required to have a remote access VPN, the VPN settings these remote clients must have a different address, my question is that whether the limitation of the vlan we can do?
Thank you
Regards
10-24-2013 08:12 AM
Hi,
I am not sure if I understand you fully.
But it seems to me that you think you need another Vlan interface for the VPN? This is not the case. The VPN connection will be formed to the Vlan interface with the connection to the external network. The VPN Clients will get IP addresses from a VPN address pool. These addresses will be visible in the routing table of the ASA from behind the external interface where they connected from.
With the Base License only your users can have 2 AnyConnect VPN Client or Clientless VPN connections. If you use the old IPsec VPN Client then you will be able to have 10 concurrent VPN Client connections.
- Jouni
10-24-2013 08:56 AM
Hi Jouni
This address can be an IP address pool within the inside network or IP addresses must be different?
Regards
10-24-2013 08:59 AM
Hi,
Some people use IP addresses that are part of the LAN subnet.
I personally avoid this and configure the VPN Pool with different subnet than any of the local networks.
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide