Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 68: Configuring IP Addresses for VPNs
This chapter describes IP address assignment methods.
IP addresses make internetwork connections possible. They are like telephone numbers: both the sender 
and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of 
addresses: the first set connects client and server on the public network. Once that connection is made, 
the second set connects client and server through the VPN tunnel.
In ASA address management, we are dealing with the second set of IP addresses: those private IP 
addresses that connect a client with a resource on the private network, through the tunnel, and let the 
client function as if it were directly connected to the private network. Furthermore, we are dealing only 
with the private IP addresses that get assigned to clients. The IP addresses assigned to other resources 
on your private network are part of your network administration responsibilities, not part of VPN 
management. Therefore, when we discuss IP addresses here, we mean those IP addresses available in 
your private network addressing scheme that let the client function as a tunnel endpoint.
This chapter includes the following sections:
• Configuring an IP Address Assignment Method
• Configuring Local IP Address Pools
• Configuring AAA Addressing
• Configuring DHCP Addressing
Configuring an IP Address Assignment Method
The ASA can use one or more of the following methods for assigning IP addresses to remote access 
clients. If you configure more than one address assignment method, the ASA searches each of the 
options until it finds an IP address. By default, all methods are enabled. To view the current 
configuration, enter the show running-config all vpn-addr-assign command.
• aaa—Retrieves addresses from an external authentication server on a per-user basis. If you are using 
an authentication server that has IP addresses configured, we recommend using this method. 
• dhcp—Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a 
DHCP server. You must also define the range of IP addresses that the DHCP server can use.
• local—Uses an internal address pool. Internally configured address pools are the easiest method of 
address pool assignment to configure. If you choose local, you must also use the ip local pool 
command to define the range of IP addresses to use.
To specify a method for assigning IP addresses to remote access clients, enter the vpn-addr-assign 
command in global configuration mode. The syntax is vpn-addr-assign {aaa | dhcp | local}.
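
The following is an added example, not part of the Cisco guide: a Python check that reads saved output of show running-config all and reports which assignment methods are enabled and whether each enabled method has the prerequisite this section names. The sample configuration is constructed; treating a "no vpn-addr-assign" line as a disabled method and a "dhcp-server" line as the DHCP server setting are assumptions about the saved output, and the pool is matched in its running-config form, ip local pool.

```python
import re

METHODS = ("aaa", "dhcp", "local")

def enabled_methods(config: str) -> set:
    """Return the address assignment methods left enabled in an ASA config."""
    enabled = set(METHODS)  # the chapter states all methods are enabled by default
    for line in config.splitlines():
        m = re.match(r"\s*(no\s+)?vpn-addr-assign\s+(aaa|dhcp|local)\b", line)
        if not m:
            continue
        if m.group(1):                 # assumption: "no ..." means disabled
            enabled.discard(m.group(2))
        else:
            enabled.add(m.group(2))
    return enabled

def audit(config: str) -> list:
    """Flag enabled methods whose prerequisite is missing from the config."""
    methods = enabled_methods(config)
    has_pool = re.search(r"^\s*ip local pool\s+\S+\s+\S+", config, re.M)
    # assumption: a "dhcp-server <address>" line identifies the DHCP server
    has_dhcp = re.search(r"^\s*dhcp-server\s+\S+", config, re.M)
    findings = []
    if "local" in methods and not has_pool:
        findings.append("local enabled but no 'ip local pool' defined")
    if "dhcp" in methods and not has_dhcp:
        findings.append("dhcp enabled but no 'dhcp-server' configured")
    return findings

# Constructed sample, not taken from a real device.
SAMPLE = """\
no vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local
ip local pool vpnpool 10.10.10.1-10.10.10.254 mask 255.255.255.0
"""

if __name__ == "__main__":
    print("enabled:", sorted(enabled_methods(SAMPLE)))
    for finding in audit(SAMPLE):
        print("finding:", finding)
```

A method that is enabled but has nothing behind it is worth disabling with the no form of vpn-addr-assign, so that the ASA searches only the sources you intend to serve addresses.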