Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
804
Views
0
Helpful
2
Replies

ASA5520 Remote access VPN pool migration

Go to solution
Scott Conklin
Level 1
Level 1

‎11-30-2012 10:51 AM - edited ‎02-21-2020 06:31 PM

Hi all, just looking for some input of the best way to migrate to a new pool for remote access DHCP address assignment.  We are currently using a /24 pool, allowing us 253 IP Addresses... during the recent hurricane we hit 250 IP Addresses used, and had to start asking users to connect to our backup ASA VPN device in another country, not an ideal solution.  I'd like to expand our current VPN subnet to a /23, however I do not have a free /24 subnet above (or below) our current /24 subnet.

I can certainly allocate a new /23 subnet, but I am looking for the best migration plan with minimal downtime (no downtime would be preferred).  Can I just add the new pool range to the tunnel-group RAVPN general-attributes section alongside the current pool, or should I just remove the old pool, log off all existing remote access VPN users and have them log on again to start using the new pool?

We are running ASA Version 8.2(1).

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎11-30-2012 11:22 AM

Hi,

I would have to confirm (EDIT: checked it while writing this ) this myself as I havent had need for it previously BUT to my understanding you should be able to assing more than one DHCP pool on a single VPN Client connection.

Please check this Cisco ASA Command Reference for 8.2

VPN Pool configuration under Tunnel-group configurations

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1656186

VPN Pool configuration under Group-policy configurations

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1660582

They are actually the at the same spot of the same document.

Seems to me that it should be no problem to add another /24 Pool to your VPN Client configurations (and do the needed ACL / NAT Configurations)

- Jouni

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎11-30-2012 11:22 AM

Hi,

I would have to confirm (EDIT: checked it while writing this ) this myself as I havent had need for it previously BUT to my understanding you should be able to assing more than one DHCP pool on a single VPN Client connection.

Please check this Cisco ASA Command Reference for 8.2

VPN Pool configuration under Tunnel-group configurations

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1656186

VPN Pool configuration under Group-policy configurations

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/a2.html#wp1660582

They are actually the at the same spot of the same document.

Seems to me that it should be no problem to add another /24 Pool to your VPN Client configurations (and do the needed ACL / NAT Configurations)

- Jouni

0 Helpful

Go to solution
Scott Conklin
Level 1
Level 1
In response to Jouni Forss

‎11-30-2012 11:32 AM

Excellent, thanks for the reply and the info, looks like i can just add a new subnet.  Great news!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents