Cisco ASA 5510/5520 and VLAN ? Affect IPSEC Remote User at one vlan

01-31-2009

Hi

anyone know if it's possible that configure a lot of VLAN on
a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right
at one vlan ?

Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface

|==> Vlan 10 - 172.20.10.0/24 =>
|==> Vlan 20 - 172.20.11.0/24 =>
ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
|==> Vlan 40 - 172.20.13.0/24 =>
|==> Vlan 50 - 172.20.14.0/24 =>

One Pool IPSec Remote per Vlan:

User_Groupe_1 => Pool 172.21.10.0/24
Can access only Vlan 10 Network

User_Groupe_2 => Pool 172.21.20.0/24
Can access only Vlan 20 Network

User_Groupe_3 => Pool 172.21.30.0/24
Can access only Vlan 30 Network

User_Groupe_4 => Pool 172.21.40.0/24
Can access only Vlan 40 Network

User_Groupe_5 => Pool 172.21.50.0/24
Can access only Vlan 50 Network

Thanks for your help

01-31-2009

"Mag" <> wrote in message
news:498404c9$0$18760$...
> Hi
>
> anyone know if it's possible that configure a lot of VLAN on
> a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right
> at one vlan ?
>
>
>
>
>
> Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface
>
>
> |==> Vlan 10 - 172.20.10.0/24 =>
> |==> Vlan 20 - 172.20.11.0/24 =>
> ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
> |==> Vlan 40 - 172.20.13.0/24 =>
> |==> Vlan 50 - 172.20.14.0/24 =>
>
> One Pool IPSec Remote per Vlan:
>
> User_Groupe_1 => Pool 172.21.10.0/24
> Can access only Vlan 10 Network
>
> User_Groupe_2 => Pool 172.21.20.0/24
> Can access only Vlan 20 Network
>
> User_Groupe_3 => Pool 172.21.30.0/24
> Can access only Vlan 30 Network
>
> User_Groupe_4 => Pool 172.21.40.0/24
> Can access only Vlan 40 Network
>
> User_Groupe_5 => Pool 172.21.50.0/24
> Can access only Vlan 50 Network
>
>
>
> Thanks for your help

Sure, of course, doesn't have anything to do with VLAN's tho, based off of
subnets and it's controlled via the crypto maps. User group 1 has crypto map
1 assigned which permits vpnpool1 to talk to subnet1, group2 has pool2 to
subnet2, etc etc. You can also add cgoups which have access to one or more,
i.e. admin group has pool10 which has access to subnets1 thru 10.

01-31-2009

Mag wrote:

> anyone know if it's possible that configure a lot of VLAN on
> a Cisco ASA 5510/5520 LAN Interface and affect a Pool + User right
> at one vlan ?

> One Pool IPSec Remote per Vlan:
>
> User_Groupe_1 => Pool 172.21.10.0/24
> Can access only Vlan 10 Network

....etc...

> User_Groupe_5 => Pool 172.21.50.0/24
> Can access only Vlan 50 Network

VLANs are L2, subnets are L3. Happily you've given each VLAN its own subnet,
so I don't see a problem with that. I don't know how many subinterfaces a
5510 supports, but I'd be surprised if it didn't cope with 5 VLANs.

--
<http://ale.cx/> (AIM:troffasky) ()
15:42:52 up 57 days, 17:54, 2 users, load average: 0.02, 0.06, 0.03
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
cisco asa static ipsec tunnnel with inside and outside nat	Delija	Cisco	0	06-21-2010 10:06 AM
Asa 5520 L2TP IPSEC and Cisco 837:Challenge	JARAMOS	Cisco	4	05-19-2009 11:51 AM
IPSec VPN Cisco 1812 and ASA 5510	Dav	Cisco	2	05-05-2009 07:32 AM
[Urgent] Help Requested please => Cisco ASA and Remote IPSEC VPN	Mag	Cisco	2	01-08-2009 10:40 PM
IPSec PIX 501 - ASA 5510 -> log flooded with %ASA-4-402116	Tilman Schmidt	Cisco	0	01-24-2008 10:49 AM