Cisco ASA 5510/5520 and VLANs: assign IPsec remote users to one VLAN

Discussion in 'Cisco' started by Mag, Jan 31, 2009.

  1. Mag

    Mag Guest

    Hi

    Does anyone know if it's possible to configure a lot of VLANs on
    a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
    to one VLAN?





    Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface

                 |==> Vlan 10 - 172.20.10.0/24 =>
                 |==> Vlan 20 - 172.20.11.0/24 =>
    ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
                 |==> Vlan 40 - 172.20.13.0/24 =>
                 |==> Vlan 50 - 172.20.14.0/24 =>

    One Pool IPSec Remote per Vlan:

    User_Groupe_1 => Pool 172.21.10.0/24
    Can access only Vlan 10 Network

    User_Groupe_2 => Pool 172.21.20.0/24
    Can access only Vlan 20 Network

    User_Groupe_3 => Pool 172.21.30.0/24
    Can access only Vlan 30 Network

    User_Groupe_4 => Pool 172.21.40.0/24
    Can access only Vlan 40 Network

    User_Groupe_5 => Pool 172.21.50.0/24
    Can access only Vlan 50 Network



    Thanks for your help
    Mag, Jan 31, 2009
    #1

  2. Mag

    Brian V Guest

    "Mag" <> wrote in message
    news:498404c9$0$18760$...
    > Hi
    >
    > Does anyone know if it's possible to configure a lot of VLANs on
    > a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
    > to one VLAN?
    >
    >
    >
    >
    >
    > Internet ==> 80.xx.xx.xx => Cisco ASA5510 Wan Interface
    >
    >              |==> Vlan 10 - 172.20.10.0/24 =>
    >              |==> Vlan 20 - 172.20.11.0/24 =>
    > ASA 5510 LAN |==> Vlan 30 - 172.20.12.0/24 =>
    >              |==> Vlan 40 - 172.20.13.0/24 =>
    >              |==> Vlan 50 - 172.20.14.0/24 =>
    >
    > One Pool IPSec Remote per Vlan:
    >
    > User_Groupe_1 => Pool 172.21.10.0/24
    > Can access only Vlan 10 Network
    >
    > User_Groupe_2 => Pool 172.21.20.0/24
    > Can access only Vlan 20 Network
    >
    > User_Groupe_3 => Pool 172.21.30.0/24
    > Can access only Vlan 30 Network
    >
    > User_Groupe_4 => Pool 172.21.40.0/24
    > Can access only Vlan 40 Network
    >
    > User_Groupe_5 => Pool 172.21.50.0/24
    > Can access only Vlan 50 Network
    >
    >
    >
    > Thanks for your help


    Sure, of course. It doesn't have anything to do with VLANs though; it's
    based off of subnets and it's controlled via the crypto maps. User group 1
    has crypto map 1 assigned, which permits vpnpool1 to talk to subnet1, group2
    has pool2 to subnet2, etc. You can also add groups which have access to one
    or more, i.e. an admin group has pool10, which has access to subnets 1 thru 10.
    Brian V, Jan 31, 2009
    #2
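
Added example, not part of Brian V's post and not Cisco tooling: a Python check that a set of permit rules, however they are expressed on the firewall, implements the one-pool-per-subnet mapping asked for in this thread. The rule tuples and the names `audit`, `INTENDED` and `LOOSE` are constructed for illustration.

```python
from ipaddress import ip_network

# Addressing plan from the thread: VLAN id -> subnet, group -> (VPN pool, own VLAN).
VLANS = {10 + 10 * i: ip_network(f"172.20.{10 + i}.0/24") for i in range(5)}
POOLS = {f"User_Groupe_{n}": (ip_network(f"172.21.{n * 10}.0/24"), n * 10)
         for n in range(1, 6)}

def audit(rules):
    """rules: iterable of (source_cidr, destination_cidr) permit entries.
    Returns (violations, uncovered): rules that let a group's pool reach
    anything beyond its own VLAN subnet, and groups with no rule granting
    their whole pool access to their whole VLAN."""
    violations, covered = [], set()
    for src, dst in rules:
        src_net, dst_net = ip_network(src), ip_network(dst)
        for group, (pool, own) in POOLS.items():
            if not src_net.overlaps(pool):
                continue                  # rule does not match this group's clients
            if dst_net.subnet_of(VLANS[own]):
                if pool.subnet_of(src_net) and dst_net == VLANS[own]:
                    covered.add(group)    # whole pool reaches its whole VLAN
                continue
            # Destination is wider than, or outside, the group's own VLAN.
            exposed = [v for v, net in VLANS.items()
                       if v != own and dst_net.overlaps(net)]
            violations.append((group, src, dst, exposed))
    return violations, sorted(set(POOLS) - covered)

# Constructed rule sets: the intended policy, and the same policy with two
# over-broad entries of the kind that creep in during troubleshooting.
INTENDED = [(str(pool), str(VLANS[own])) for pool, own in POOLS.values()]
LOOSE = INTENDED + [
    ("172.21.0.0/16", "172.20.14.0/24"),   # every pool can reach VLAN 50
    ("172.21.20.0/24", "172.20.10.0/23"),  # /23 also covers VLAN 10
]

if __name__ == "__main__":
    for name, rules in (("INTENDED", INTENDED), ("LOOSE", LOOSE)):
        violations, uncovered = audit(rules)
        print(name, "uncovered groups:", uncovered)
        for group, src, dst, exposed in violations:
            print(f"  {group}: {src} -> {dst} exposes VLANs {exposed}")
```
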

  3. Mag

    alexd Guest

    Mag wrote:

    > Does anyone know if it's possible to configure a lot of VLANs on
    > a Cisco ASA 5510/5520 LAN interface and assign a pool + user rights
    > to one VLAN?



    > One Pool IPSec Remote per Vlan:
    >
    > User_Groupe_1 => Pool 172.21.10.0/24
    > Can access only Vlan 10 Network


    ....etc...

    > User_Groupe_5 => Pool 172.21.50.0/24
    > Can access only Vlan 50 Network


    VLANs are L2, subnets are L3. Happily you've given each VLAN its own subnet,
    so I don't see a problem with that. I don't know how many subinterfaces a
    5510 supports, but I'd be surprised if it didn't cope with 5 VLANs.

    --
    <http://ale.cx/> (AIM:troffasky) ()
    15:42:52 up 57 days, 17:54, 2 users, load average: 0.02, 0.06, 0.03
    Sexy ladies, and nasty boys, all freaky freakin', to the robot noise
    alexd, Jan 31, 2009
    #3
