Cisco ASA 5510/5520 and VLAN ? Affect IPSEC Remote User at one vlan


anyone know if it's possible that configure a lot of VLAN on a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right at one vlan ?

Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface

|==> Vlan 10 - =>

|==> Vlan 20 - =>

ASA 5510 LAN |==> Vlan 30 - =>

|==> Vlan 40 - =>

|==> Vlan 50 - =>

One Pool IPSec Remote per Vlan:

User_Groupe_1 => Pool Can access only Vlan 10 Network

User_Groupe_2 => Pool Can access only Vlan 20 Network

User_Groupe_3 => Pool Can access only Vlan 30 Network

User_Groupe_4 => Pool Can access only Vlan 40 Network

User_Groupe_5 => Pool Can access only Vlan 50 Network

Thanks for your help

Reply to
Loading thread data ...

Sure, of course, doesn't have anything to do with VLAN's tho, based off of subnets and it's controlled via the crypto maps. User group 1 has crypto map

1 assigned which permits vpnpool1 to talk to subnet1, group2 has pool2 to subnet2, etc etc. You can also add cgoups which have access to one or more, i.e. admin group has pool10 which has access to subnets1 thru 10.
Reply to
Brian V


VLANs are L2, subnets are L3. Happily you've given each VLAN its own subnet, so I don't see a problem with that. I don't know how many subinterfaces a

5510 supports, but I'd be surprised if it didn't cope with 5 VLANs.
Reply to
alexd Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.