Routing Between IP on ASA for SSL VPN

Arsen Gharibyan
Level 1

I have a question. Let's say the internal network DHCP is 192.168.0.0, and you configure SSL VPN on the ASA to assign IPs from the 10.0.0.0 network. Where does routing need to be configured so the client can route between the networks?

2. Let's say I'm using 192.168.10.0/.20.0/.30.0 in my network. If I set up the ASA to assign 30.0, will there be any DHCP conflicts? Or will the ASA DHCP reply ONLY to outside requests (I mean from AnyConnect)?

3 Replies

Jouni Forss
VIP Alumni

Hi,

Routing in the first case depends on your network topology, naturally. But I'd imagine each LAN network uses the ASA to get out to the Internet, so that means they will be able to reach the VPN network because the ASA naturally knows the route for that.

In the second case I would not recommend using an overlapping network with LAN and VPN networks. Just use a separate network for the VPN Clients and the LAN networks.

The ASA itself will only provide DHCP addresses to directly connected hosts or VPN Clients. And these are usually 2 different things. For LAN users DHCP is configured on a per-interface basis, and for VPN the DHCP IP addresses are configured as a VPN Pool which is attached to the VPN configurations only.

- Jouni

Thank you for your reply.

So basically, if I have a router behind the ASA, I need to run, for example, OSPF on both? Router and ASA?

Hi,

You don't have to use a dynamic routing protocol if you don't need to/want to. In a simple network you might just be using static routes.

Whichever way you handle the routing, I don't think it really changes the setup at all.

This is of course provided that the ASA is the default route out of your network. Then any traffic headed to the VPN Pool networks would naturally always be reachable from the LAN, since the default route would already be forwarding any traffic to networks outside the LAN towards the ASA.

On the other hand, if the ASA isn't the gateway device for all the Internet traffic on your network, then you would need to handle the routing so that the networks/subnets used as the VPN Pools would be routed towards the ASA on the LAN.

- Jouni
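
The two checks discussed in this thread, as an added example that is not part of any poster's reply: whether a proposed VPN pool overlaps a LAN subnet, and whether an internal router's route table forwards the pool towards the ASA. The /24 masks, the ASA inside address 192.168.10.1, the second gateway 192.168.10.254 and the route tables are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (masks and gateway addresses are assumptions).
LAN_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
ASA_INSIDE = "192.168.10.1"

def pool_overlaps(pool, lan_subnets):
    """Return the LAN subnets that overlap the VPN pool (should be empty)."""
    p = ipaddress.ip_network(pool)
    return [s for s in lan_subnets if p.overlaps(ipaddress.ip_network(s))]

def next_hop(routes, dest):
    """Longest-prefix match of dest against a list of (prefix, next_hop)."""
    d = ipaddress.ip_address(dest)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None

def pool_reaches_asa(routes, pool, asa_inside):
    """True only if every pool address is forwarded to the ASA."""
    return all(next_hop(routes, a) == asa_inside
               for a in ipaddress.ip_network(pool))

# Case 1: ASA is the default route, so no extra route is needed.
ROUTES_ASA_DEFAULT = [("192.168.20.0/24", "connected"),
                      ("0.0.0.0/0", ASA_INSIDE)]
# Case 2: another device is the default gateway; return traffic to the
# pool goes the wrong way until a static route towards the ASA is added.
ROUTES_OTHER_DEFAULT = [("192.168.20.0/24", "connected"),
                        ("0.0.0.0/0", "192.168.10.254")]
ROUTES_FIXED = ROUTES_OTHER_DEFAULT + [("10.0.0.0/24", ASA_INSIDE)]

if __name__ == "__main__":
    for pool in ("192.168.30.0/24", "10.0.0.0/24"):
        print(pool, "overlaps:", pool_overlaps(pool, LAN_SUBNETS))
    for name, routes in (("ASA default", ROUTES_ASA_DEFAULT),
                         ("other default", ROUTES_OTHER_DEFAULT),
                         ("static route added", ROUTES_FIXED)):
        print(name, "->", pool_reaches_asa(routes, "10.0.0.0/24", ASA_INSIDE))
```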