ā04-12-2013 10:30 AM
Hello,
In current situation I have this. Note this is a labsetup so anything is fair game.
ASA 5540 Inside Int: 10.10.1.254
3750(acting as router, it's default route is ASA Inside int) : 10.10.1.253
On the 3750 I have a VLAN90 which has a gateway on the 3750 of 10.90.1.254
The ASA has a static route to the 3750 VLAN 90 subnet.
Currently when a client connects threw VPN they are handed out a IP in the 10.10.1.0 Range. All is well, I can get anywhere I need to get. What I want to do is the have the client handed out an address int the 10.90.1.0 subnet or anyother network besides the 10.10.1.0 network. Currently the asa is only using physical interfaces, no subs are configured. When I hand out an address now in the 10.90.1.0 network the asa has no idea what to do, because it has no interface in the 10.90.1.0 network I guess so all pings fail.
My question is: Is it possible to create a netwrok that only exists on the asa for people to VPN into that exists purely as a VPN pool. and have static routes to all the rest of the networks? Or any suggestions on how to get this to work?
Solved! Go to Solution.
ā04-16-2013 09:58 AM
Hi Dallas,
I am glad things worked out for you, please rate helpful posts, so that, this thread will become helpful to someone else.
Thanks
Rizwan Rafeek
ā04-12-2013 02:04 PM
Hi Dallas,
Sure, it is a doable.
Beside you do not need a physical interface configured with same address range as the vpn-clients comming off the same DHCP pool range.
What you need is a no-nat between the dhcp-pool range and your internal-network range for a vpn-client to access given inside network.
Hope that answers your question.
thanks
ā04-16-2013 09:47 AM
Ah you did lead me down the right path. Thanks! THe way i got it to work was to create a vpn dhcp pool on the asa in totally different network which is fine. I created a pool with a 10.60.1.0 on the asa and put a static route to it in my 3750. This allows me to get off 10.10.1.0 subnet which was my goal and to get access to all other subnets. I never realized the ASA would automatically create a static itself for the 10.60.1.0 network once a client connects.
Again thanks for your help
Dallas
ā04-16-2013 09:58 AM
Hi Dallas,
I am glad things worked out for you, please rate helpful posts, so that, this thread will become helpful to someone else.
Thanks
Rizwan Rafeek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide