ASA VPN With NAT

[goulin1]

Hi,

I have a Cisco ASA 5520 setup with multiple outside interfaces (via a 802.1q trunk from a switch - i.e. I have created 1 subinterface per VLAN with the ASA routing between the VLANs) and I have users establish an IPSec tunnel over these subinterfaces using the Cisco VPN Client.

At the moment, all users can establish a VPN session but it only works if they establish it to their default gateway, which is the ASA. However, when a user moves between a VLAN, it is becoming annoying because they have to change the Cisco VPN Client to use the new default gateway (i.e. interface of the ASA) of the VLAN they have moved to.

Is there a way that I can use 1 address as the target for a VPN session no matter what VLAN/subinterface of the ASA the user is on? Can this be done with NAT? Perhaps I can create a dummy subinterface, and have users VPN to the IP address on that subinterface? Has anyone had to do this before?

With the NAT solution, I believe it would be identical to situations where people have used different IP addresses than the one assigned to the outside interface of a PIX/ASA connecting to the Internet.

Any comments/suggestions?

Thanks

 

[qweasdzxcqweasdzxc]

Honestly I'm not sure.....but with my limited knowledge of the ASA I was able to set it up with VPN with the help of cisco tech support. I suggest you give them a call cause they are typically very good with helping customers....

 

[Supergrrover]

There is no way around that. You will need a profile for each vlan.


Brent
Systems Engineer / Consultant
CCNP, CCSP

 

[goulin1]

Yeah, I figured out that there is no way around it.

I have decided to use DNS to achieve this, and it seems to work ok.

 

[Supergrrover]

Ahhhh, Smart!!


Brent
Systems Engineer / Consultant
CCNP, CCSP