10-25-2017 01:56 AM - edited 03-12-2019 04:39 AM
Hi All,
Can anyone explain how remote access VPN works? Especially when we configure an IP pool, I see the IP pool configured but no route from the ASA? Can anyone explain how VPN works and how the IP pool works in and out?
Regards
10-25-2017 02:42 AM
When a client connects and is assigned an address from within the pool, the ASA creates a /32 (host) route for that client. Depending on your routing setup, this may or may not be advertised into your internal network.
If the ASA is the default gateway for the rest of the network it is mostly a moot point. If it is one of several ingress/egress points then you either need dynamic routing (i.e. EIGRP or OSPF) between the ASA and the rest of the network or a static route somewhere internally to inform the network of that subnet being on the ASA.
10-25-2017 02:46 AM
10-25-2017 02:53 AM
Split tunnel means we only want certain networks to use the VPN when traffic originates from the client. That way they do not have to send all of their Internet and other traffic across the VPN when they are connected.
Some people argue that split tunnel is less secure as it potentially exposes the endpoint to a greater number of threats and risks them not being compliant with the organization's acceptable use policy while connected to the VPN.
Others argue that the risk is acceptable when balanced against the need to otherwise backhaul all of the remote users' Internet traffic.
Not allowing split tunnel can also be problematic if the remote user is not at home but at another organization's network where they need to access non-local resources while being on the VPN. For instance, a network shared drive for a vendor VPNing into your network for a legitimate purpose may be unavailable unless split tunnel is allowed.
What's best for you is a local decision.
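An added configuration example, not from the thread or its posters, tying the two replies together: an ASA remote-access pool with a split-tunnel list, the NAT exemption for inside-to-pool traffic, the check for the per-client /32, and the internal static route the first reply describes. All names and addresses are assumed (pool 10.10.10.0/24, inside networks under 192.168.0.0/16, ASA inside interface 192.168.1.1).

```text
! --- ASA (constructed example; names and addresses are assumptions) ---
! Pool that remote clients are assigned from. The ASA installs a /32 host
! route per connected client; the pool itself is not a routed subnet.
ip local pool VPN_POOL 10.10.10.1-10.10.10.254 mask 255.255.255.0

! Split-tunnel list: only these destinations are sent through the tunnel.
access-list SPLIT_TUNNEL standard permit 192.168.1.0 255.255.255.0
access-list SPLIT_TUNNEL standard permit 192.168.2.0 255.255.255.0

group-policy GP_RA_VPN internal
group-policy GP_RA_VPN attributes
 vpn-tunnel-protocol ssl-client ikev2
 address-pools value VPN_POOL
 ! tunnelspecified = split tunnel; tunnelall backhauls all client traffic.
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SPLIT_TUNNEL

tunnel-group TG_RA_VPN type remote-access
tunnel-group TG_RA_VPN general-attributes
 address-pool VPN_POOL
 default-group-policy GP_RA_VPN

! NAT exemption so traffic between inside and the pool is not translated
! (ASA 8.3+ twice-NAT syntax).
object network INSIDE_NETS
 subnet 192.168.0.0 255.255.0.0
object network VPN_POOL_NET
 subnet 10.10.10.0 255.255.255.0
nat (inside,outside) source static INSIDE_NETS INSIDE_NETS destination static VPN_POOL_NET VPN_POOL_NET no-proxy-arp route-lookup

! Verify after a client connects: a /32 for the assigned address should
! appear here; the /24 pool as a whole does not.
show route | include 10.10.10.

! --- Internal core router (IOS), only needed when the ASA is not the
! --- default gateway: send the whole pool subnet to the ASA inside interface.
ip route 10.10.10.0 255.255.255.0 192.168.1.1
```

If the ASA instead runs EIGRP or OSPF with the core, the static route is replaced by redistributing the pool network from the ASA, as the first reply notes.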