Friday, April 20, 2018

ASA DHCP/VPN/Bridge-group Question

Hi All,

I'm trying to wrap my head around where specifically a configuration is failing in a lab scenario.

In short, I have an ASA which is set up for remote-user access. When users connect, they're given an IP address from the local pool 10.10.10.101/24 - 10.10.10.200/24. The ASA is set up with an additional DHCP pool for devices which connect to it on the bridge-group interfaces; these devices get an IP address of 10.10.10.10/24 - 10.10.10.100/24. The original intention was that users connected to the VPN would be able to access the devices which connect to the bridge-group on the ASA. What's happening is that the users get an IP address, but have no connectivity.

Configuration

My general understanding is that this is failing because these are two separate logical subnets, so the ASA is not routing traffic between them. The part that has me scratching my head is that if both subnets have a default gateway pointing to the ASA, and the ASA is set up to route traffic between same-security interfaces, where specifically is the communication failing between a user (e.g. 10.10.10.10/24) and a connected device (e.g. 10.10.10.100/24)?

Thanks in advance.


