Network on ASA Only

Dallas Brown
Level 1

Hello,

In my current situation I have this. Note this is a lab setup, so anything is fair game.

ASA 5540 Inside Int: 10.10.1.254

3750 (acting as router; its default route is the ASA Inside int): 10.10.1.253

On the 3750 I have a VLAN 90 which has a gateway on the 3750 of 10.90.1.254.

The ASA has a static route to the 3750 VLAN 90 subnet.

Currently, when a client connects through VPN they are handed out an IP in the 10.10.1.0 range. All is well; I can get anywhere I need to get. What I want to do is to have the client handed out an address in the 10.90.1.0 subnet or any other network besides the 10.10.1.0 network. Currently the ASA is only using physical interfaces; no subs are configured. When I hand out an address now in the 10.90.1.0 network the ASA has no idea what to do, because it has no interface in the 10.90.1.0 network I guess, so all pings fail.

My question is: Is it possible to create a network that only exists on the ASA for people to VPN into, that exists purely as a VPN pool, and have static routes to all the rest of the networks? Or any suggestions on how to get this to work?

3 Replies

rizwanr74
Level 7

Hi Dallas,

Sure, it is doable.

Besides, you do not need a physical interface configured with the same address range as the VPN clients coming off the same DHCP pool range.

What you need is a no-NAT between the DHCP pool range and your internal network range for a VPN client to access a given inside network.

Hope that answers your question.

Thanks

Ah, you did lead me down the right path. Thanks! The way I got it to work was to create a VPN DHCP pool on the ASA in a totally different network, which is fine. I created a pool with 10.60.1.0 on the ASA and put a static route to it in my 3750. This allows me to get off the 10.10.1.0 subnet, which was my goal, and to get access to all other subnets. I never realized the ASA would automatically create a static itself for the 10.60.1.0 network once a client connects.

Again, thanks for your help.

Dallas
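
The setup described in the two posts above, sketched as configuration. This is an added example, not configuration posted by anyone in the thread. Assumptions: /24 masks, interface names `inside`/`outside`, the pool host range, the object and pool names, a local address pool as the "VPN DHCP pool", and ASA software 8.3 or later for the NAT syntax; the tunnel-group name is a placeholder.

```cisco
! --- ASA 5540 (assumed: 8.3+ software, interfaces named inside/outside) ---
! VPN-only pool: no ASA interface lives in 10.60.1.0 (host range and mask assumed)
ip local pool VPN-POOL 10.60.1.10-10.60.1.100 mask 255.255.255.0
!
! Hand the pool to the existing remote-access connection profile (placeholder name)
tunnel-group <TUNNEL-GROUP-NAME> general-attributes
 address-pool VPN-POOL
!
! Static route to the VLAN 90 subnet behind the 3750 (already present in the lab)
route inside 10.90.1.0 255.255.255.0 10.10.1.253
!
! NAT exemption ("no-NAT") between the inside networks and the pool
object network VPN-POOL-NET
 subnet 10.60.1.0 255.255.255.0
object-group network INSIDE-NETS
 network-object 10.10.1.0 255.255.255.0
 network-object 10.90.1.0 255.255.255.0
nat (inside,outside) source static INSIDE-NETS INSIDE-NETS destination static VPN-POOL-NET VPN-POOL-NET
!
! Pre-8.3 form of the same exemption, for reference:
!  access-list NONAT extended permit ip 10.10.1.0 255.255.255.0 10.60.1.0 255.255.255.0
!  access-list NONAT extended permit ip 10.90.1.0 255.255.255.0 10.60.1.0 255.255.255.0
!  nat (inside) 0 access-list NONAT
!
! --- 3750 ---
! Explicit return route for the pool via the ASA inside interface
! (the default route toward 10.10.1.254 would also match this traffic)
ip route 10.60.1.0 255.255.255.0 10.10.1.254
```

With a client connected, `show route` on the ASA should list the route it installs for that client's pool address, as described in the post above.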

Hi Dallas,

I am glad things worked out for you. Please rate helpful posts so that this thread will become helpful to someone else.

Thanks

Rizwan Rafeek