Chapter 31 Configuring IP Addresses for VPNs; Configuring an IP Address Assignment Method - Cisco PIX 500 Series Configuration Manual

Configuring IP Addresses for VPNs
This chapter describes IP address assignment methods.
IP addresses make internetwork connections possible. They are like telephone numbers: both the sender
and receiver must have an assigned number to connect. But with VPNs, there are actually two sets of
addresses: the first set connects client and server on the public network. Once that connection is made,
the second set connects client and server through the VPN tunnel.
In security appliance address management, we are dealing with the second set of IP addresses: those
private IP addresses that connect a client with a resource on the private network, through the tunnel, and
let the client function as if it were directly connected to the private network. Furthermore, we are dealing
only with the private IP addresses that get assigned to clients. The IP addresses assigned to other
resources on your private network are part of your network administration responsibilities, not part of
VPN management. Therefore, when we discuss IP addresses here, we mean those IP addresses available
in your private network addressing scheme that let the client function as a tunnel endpoint.
This chapter includes the following sections:
- Configuring an IP Address Assignment Method
- Configuring Local IP Address Pools
- Configuring AAA Addressing
- Configuring DHCP Addressing

Configuring an IP Address Assignment Method

The security appliance can use one or more of the following methods for assigning IP addresses to
remote access clients. If you configure more than one address assignment method, the security appliance
searches each of the options until it finds an IP address. By default, all methods are enabled. To view the
current configuration, enter the show running-config all vpn-addr-assign command.
To specify a method for assigning IP addresses to remote access clients, enter the vpn-addr-assign
command in global configuration mode. The syntax is vpn-addr-assign {aaa | dhcp | local}.
- aaa—Retrieves addresses from an external authentication server on a per-user basis. If you are using
  an authentication server that has IP addresses configured, we recommend using this method.
- dhcp—Obtains IP addresses from a DHCP server. If you want to use DHCP, you must configure a
  DHCP server. You must also define the range of IP addresses that the DHCP server can use.
- local—Use an internal address pool. Internally configured address pools are the easiest method of
  address pool assignment to configure. If you choose local, you must also use the ip-local-pool
  command to define the range of IP addresses to use.

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, Chapter 31
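Because all three methods are enabled by default and the appliance searches each one until it finds an address, it is worth checking a saved configuration against the methods you actually intend to use. The following Python check is an added example, not part of the Cisco guide: it starts from the all-enabled default, applies the vpn-addr-assign lines it finds, and reports unintended methods and a local method with no pool behind it. The sample configuration, the pool name vpnpool, the function name audit_addr_assign and the line layout assumed for "no vpn-addr-assign" and "ip local pool" entries are assumptions for illustration.

```python
import ipaddress
import re

METHODS = ("aaa", "dhcp", "local")

# Constructed sample: aaa and local enabled, dhcp disabled, one local pool.
SAMPLE_CONFIG = """\
vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local
ip local pool vpnpool 10.20.30.40-10.20.30.50 mask 255.255.255.0
"""


def audit_addr_assign(config, intended):
    """Return (enabled methods, pool sizes, findings) for saved config text."""
    # The chapter states that all methods are enabled by default.
    enabled = {m: True for m in METHODS}
    pools = {}
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"(no )?vpn-addr-assign (aaa|dhcp|local)", line)
        if m:
            enabled[m.group(2)] = m.group(1) is None
            continue
        p = re.fullmatch(r"ip local pool (\S+) (\S+)-(\S+)(?: mask (\S+))?", line)
        if p:
            first = ipaddress.IPv4Address(p.group(2))
            last = ipaddress.IPv4Address(p.group(3))
            if last < first:
                raise ValueError(f"pool {p.group(1)}: range is reversed")
            pools[p.group(1)] = int(last) - int(first) + 1  # inclusive range
    findings = []
    for method in METHODS:
        if enabled[method] and method not in intended:
            findings.append(f"{method} is enabled but not intended")
        if not enabled[method] and method in intended:
            findings.append(f"{method} is intended but disabled")
    if enabled["local"] and not pools:
        findings.append("local is enabled but no ip local pool is defined")
    return sorted(m for m in METHODS if enabled[m]), pools, findings


if __name__ == "__main__":
    methods, pools, findings = audit_addr_assign(SAMPLE_CONFIG, intended={"local"})
    print("enabled:", methods)
    print("pools:", pools)
    for finding in findings:
        print("finding:", finding)
```

Feed it the text captured from show running-config all vpn-addr-assign together with the pool definitions from the running configuration.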
This manual is also suitable for: ASA 5500 series