Cisco ASA 5510/5520 and VLAN ? Affect IPSEC Remote User at one vlan|
|
|
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||
|
Posted by Mag on January 31, 2009, 2:59 am
Please log in for more thread options
anyone know if it's possible that configure a lot of VLAN on a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right at one vlan ? Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface
|==> Vlan 10 - 172.20.10.0/24 =>
|==> Vlan 20 - 172.20.11.0/24 => ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 => |==> Vlan 40 - 172.20.13.0/24 => |==> Vlan 50 - 172.20.14.0/24 => One Pool IPSec Remote per Vlan: User_Groupe_1 => Pool 172.21.10.0/24
Can access only Vlan 10 Network
User_Groupe_2 => Pool 172.21.20.0/24
Can access only Vlan 20 Network
User_Groupe_3 => Pool 172.21.30.0/24
Can access only Vlan 30 Network
User_Groupe_4 => Pool 172.21.40.0/24
Can access only Vlan 40 Network
User_Groupe_5 => Pool 172.21.50.0/24
Can access only Vlan 50 Network
Thanks for your help | ||||||||||
|
Posted by Brian V on January 31, 2009, 10:36 am
Please log in for more thread options > Hi
> > anyone know if it's possible that configure a lot of VLAN on > a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right > at one vlan ? > > > > > > Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface > > > |==> Vlan 10 - 172.20.10.0/24 => > |==> Vlan 20 - 172.20.11.0/24 => > ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 => > |==> Vlan 40 - 172.20.13.0/24 => > |==> Vlan 50 - 172.20.14.0/24 => > > One Pool IPSec Remote per Vlan: > > User_Groupe_1 => Pool 172.21.10.0/24 > Can access only Vlan 10 Network > > User_Groupe_2 => Pool 172.21.20.0/24 > Can access only Vlan 20 Network > > User_Groupe_3 => Pool 172.21.30.0/24 > Can access only Vlan 30 Network > > User_Groupe_4 => Pool 172.21.40.0/24 > Can access only Vlan 40 Network > > User_Groupe_5 => Pool 172.21.50.0/24 > Can access only Vlan 50 Network > > > > Thanks for your help Sure, of course, doesn't have anything to do with VLAN's tho, based off of subnets and it's controlled via the crypto maps. User group 1 has crypto map 1 assigned which permits vpnpool1 to talk to subnet1, group2 has pool2 to subnet2, etc etc. You can also add cgoups which have access to one or more, i.e. admin group has pool10 which has access to subnets1 thru 10. | ||||||||||
|
Posted by alexd on January 31, 2009, 10:48 am
Please log in for more thread options Mag wrote:
> anyone know if it's possible that configure a lot of VLAN on
> a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right > at one vlan ? > One Pool IPSec Remote per Vlan:
> > User_Groupe_1 => Pool 172.21.10.0/24 > Can access only Vlan 10 Network ...etc... > User_Groupe_5 => Pool 172.21.50.0/24
> Can access only Vlan 50 Network VLANs are L2, subnets are L3. Happily you've given each VLAN its own subnet, so I don't see a problem with that. I don't know how many subinterfaces a 5510 supports, but I'd be surprised if it didn't cope with 5 VLANs. -- <http://ale.cx/> (AIM:troffasky) (UnSoEsNpEaTm@ale.cx)
15:42:52 up 57 days, 17:54, 2 users, load average: 0.02, 0.06, 0.03
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise | ||||||||||
|
Home Cabling GuideFinally, an instantly downloadable book that saves you thousands in home improvement dollars! Enjoy living in 21st century technology-advanced home while increasing its selling value and competitive advantage on the real estate market. Whether your cabling is for home office or high-tech leisure, you can wire your home yourself or learn "wirish" to speak with your cabling contractors in their language! Learn More |