Cisco ASA 5510/5520 and VLAN ? Affect IPSEC Remote User at one vlan

 
 
Mag
01-31-2009
Hi

Does anyone know if it's possible to configure a lot of VLANs on
a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
to one VLAN?





Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface

             |==> Vlan 10 - 172.20.10.0/24 =>
             |==> Vlan 20 - 172.20.11.0/24 =>
ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
             |==> Vlan 40 - 172.20.13.0/24 =>
             |==> Vlan 50 - 172.20.14.0/24 =>

One Pool IPSec Remote per Vlan:

User_Groupe_1 => Pool 172.21.10.0/24
Can access only Vlan 10 Network

User_Groupe_2 => Pool 172.21.20.0/24
Can access only Vlan 20 Network

User_Groupe_3 => Pool 172.21.30.0/24
Can access only Vlan 30 Network

User_Groupe_4 => Pool 172.21.40.0/24
Can access only Vlan 40 Network

User_Groupe_5 => Pool 172.21.50.0/24
Can access only Vlan 50 Network



Thanks for your help
 
Brian V
01-31-2009

"Mag" wrote in message:
> Hi
>
> Does anyone know if it's possible to configure a lot of VLANs on
> a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
> to one VLAN?
>
>
>
>
>
> Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface
>
>              |==> Vlan 10 - 172.20.10.0/24 =>
>              |==> Vlan 20 - 172.20.11.0/24 =>
> ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
>              |==> Vlan 40 - 172.20.13.0/24 =>
>              |==> Vlan 50 - 172.20.14.0/24 =>
>
> One Pool IPSec Remote per Vlan:
>
> User_Groupe_1 => Pool 172.21.10.0/24
> Can access only Vlan 10 Network
>
> User_Groupe_2 => Pool 172.21.20.0/24
> Can access only Vlan 20 Network
>
> User_Groupe_3 => Pool 172.21.30.0/24
> Can access only Vlan 30 Network
>
> User_Groupe_4 => Pool 172.21.40.0/24
> Can access only Vlan 40 Network
>
> User_Groupe_5 => Pool 172.21.50.0/24
> Can access only Vlan 50 Network
>
>
>
> Thanks for your help


Sure, of course, doesn't have anything to do with VLANs though, based off of
subnets and it's controlled via the crypto maps. User group 1 has crypto map
1 assigned which permits vpnpool1 to talk to subnet1, group2 has pool2 to
subnet2, etc etc. You can also add groups which have access to one or more,
i.e. admin group has pool10 which has access to subnets1 thru 10.

 
alexd
01-31-2009
Mag wrote:

> Does anyone know if it's possible to configure a lot of VLANs on
> a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
> to one VLAN?



> One Pool IPSec Remote per Vlan:
>
> User_Groupe_1 => Pool 172.21.10.0/24
> Can access only Vlan 10 Network


....etc...

> User_Groupe_5 => Pool 172.21.50.0/24
> Can access only Vlan 50 Network


VLANs are L2, subnets are L3. Happily you've given each VLAN its own subnet,
so I don't see a problem with that. I don't know how many subinterfaces a
5510 supports, but I'd be surprised if it didn't cope with 5 VLANs.

--
<http://ale.cx/> (AIM:troffasky) ((E-Mail Removed))
15:42:52 up 57 days, 17:54, 2 users, load average: 0.02, 0.06, 0.03
Sexy ladies, and nasty boys, all freaky freakin', to the robot noise
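
Added example, not part of the thread or of any poster's reply: a Python check that a set of pool-to-subnet permit rules, modelled as (source, destination) CIDR pairs with default deny, gives each group only its own VLAN subnet from the addressing plan in the original post. The rule-list format, the `audit` function and both sample rule sets are assumptions constructed for illustration; this is not ASA configuration syntax.

```python
from ipaddress import ip_network

# Addressing plan copied from the original post.
VLANS = {10: "172.20.10.0/24", 20: "172.20.11.0/24", 30: "172.20.12.0/24",
         40: "172.20.13.0/24", 50: "172.20.14.0/24"}
POOLS = {f"User_Groupe_{i}": f"172.21.{i * 10}.0/24" for i in range(1, 6)}
# Intended policy from the post: group N may reach only VLAN N*10.
ALLOWED = {f"User_Groupe_{i}": {i * 10} for i in range(1, 6)}


def audit(rules):
    """rules: (source_cidr, destination_cidr) permit entries, default deny.

    Returns sorted findings; an empty list means every pool reaches its
    intended VLAN subnet and no other.
    """
    vlans = {v: ip_network(n) for v, n in VLANS.items()}
    parsed = [(ip_network(s), ip_network(d)) for s, d in rules]
    findings = []
    for group, pool_cidr in POOLS.items():
        pool = ip_network(pool_cidr)
        # Destinations of every rule whose source matches any pool address.
        dsts = [d for s, d in parsed if s.overlaps(pool)]
        touched = {v for v, n in vlans.items() if any(d.overlaps(n) for d in dsts)}
        # Fully covered only if one rule spans the whole pool and whole subnet.
        covered = {v for v, n in vlans.items()
                   if any(pool.subnet_of(s) and n.subnet_of(d) for s, d in parsed)}
        for v in sorted(touched - ALLOWED[group]):
            findings.append(f"{group}: can reach VLAN {v}, not intended")
        for v in sorted(ALLOWED[group] - covered):
            findings.append(f"{group}: cannot fully reach VLAN {v}")
    for s, d in parsed:
        if not any(d.overlaps(n) for n in vlans.values()):
            findings.append(f"rule {s} -> {d}: destination matches no VLAN subnet")
    return sorted(findings)


# Constructed rule sets (not from the thread).
GOOD_RULES = [(POOLS[g], VLANS[v]) for g, vs in ALLOWED.items() for v in vs]
BAD_RULES = [r for r in GOOD_RULES
             if r[0] not in (POOLS["User_Groupe_2"], POOLS["User_Groupe_3"])]
BAD_RULES += [
    # Typo that follows the pool numbering; VLAN 20 is really 172.20.11.0/24.
    (POOLS["User_Groupe_2"], "172.20.20.0/24"),
    # Mask too wide: a /16 destination covers all five VLAN subnets.
    (POOLS["User_Groupe_3"], "172.20.0.0/16"),
]

if __name__ == "__main__":
    for line in audit(BAD_RULES) or ["no findings"]:
        print(line)
```

The pool numbering (172.21.10, .20, .30 ...) does not match the VLAN subnet numbering (172.20.10, .11, .12 ...), so the constructed typo for group 2 is the kind of slip this plan invites.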

 