Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
449
Views
0
Helpful
1
Replies

Keep local addressing when establishing VPN Remote Access

g.fabre
Level 1
Level 1

‎09-08-2011 09:43 AM - edited ‎02-21-2020 05:34 PM

Hi all

I recently questionned myself about the following : is it possible using ASA to keep the same IP address after establishing the VPN connection on remote access mode ?

I remember using another old firewall (not Cisco) where the client address didn't change after the VPN (IPSec) is up

For what I can see, the ASA firewall is requiring to define an address pool (private addressing) in order for the client to connect

In addition to that, AnyConnect client creates a new network connection so we can't assign the same addressing;  I think it is the same for VPN client.

Clientless SSL is for sure not creating another address scheme, but I am not sure I can't encapsulate all my applications inside

I hope I am clear; I am interested in more details if you have as I didn't find them on Cisco support website

Thanks in advance for your help

Labels:
0 Helpful
1 Reply 1

raga.fusionet
Level 4
Level 4

‎09-08-2011 10:18 AM

Hi There,

The short answer is no, this was sopported on the old VPN concentrators, however the "Use Client Address" option was deprecated when the ASA came out. 

Like you've seen the ASA requires you to define an IP Pool, that does not overlap with the physical subnet behind the ASA, for the address assigment of the VPN clients.

I hope this answers your questions.

Raga

0 Helpful
Customers Also Viewed These Support Documents