Sanity check time!
I have a Cisco ASA with AnyConnect remote access VPN configured. Pretty standard stuff. Currently the network is 10.100.99.0/24. It's running low on IPs and I want to change the subnet mask on the DHCP server (Windows box). I want to change it to /23. I'm concerned there's something I'm missing, but so far I see it as not an issue.
My plan is as follows:
- Log into Windows box via remote connection software (just in case).
- Change subnet mask on DHCP server (Windows).
- Connect to VPN and test.
If I understand correctly, this should be fairly seamless as the group-policy just shows the ACLs to what the clients have access to.
The tunnel-group shows the correct IP of my Windows DHCP server.
The group policy on the ASA shows the following:
group-policy companyname-VPN attributes
 dns-server value ipaddresses of DNS servers
 dhcp-network-scope 10.100.99.0
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
 pfs enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value split_tunnel_companyname-VPN
 default-domain value domain.com
 webvpn
The ACL referenced looks good and will not be changed.
Does this sound correct? With everyone working remotely, the last thing I want to do is mess up their VPN!!!
Thanks!