Cisco Systems OL-16647-01 Network Router User Manual


Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
IKE Policies
only with the private IP addresses that get assigned to clients. The IP addresses assigned to other
resources on your private network are part of your network administration responsibilities, not part of
security appliance management.
Therefore, when we discuss IP addresses here, we mean those IP addresses available in your private
network addressing scheme, that let the client function as a tunnel endpoint.
The Assignment Policy panel lets you choose a way to assign IP addresses to remote access clients.
Fields
Use authentication server—Select to assign IP addresses retrieved from an authentication server
on a per-user basis. If you are using an authentication server (external or internal) that has IP
addresses configured, we recommend using this method. Configure AAA servers on the
Configuration > AAA Setup panels.
Use DHCP—Select to obtain IP addresses from a DHCP server. If you use DHCP, configure the
server on the Configuration > DHCP Server panel.
Use internal address pools—Select to have the security appliance assign IP addresses from an
internally configured pool. Internally configured address pools are the easiest method of address
pool assignment to configure. If you use this method, configure the IP address pools on
Configuration > Remote Access VPN > Network (Client) Access > Address Assignment >
Address Pools panel.
Allow the reuse of an IP address __ minutes after it is released—Delays the reuse of an IP
address after its return to the address pool. Adding a delay helps to prevent problems firewalls
can experience when an IP address is reassigned quickly. By default, this option is unchecked,
meaning the security appliance does not impose a delay. If you want one, insert a check mark
and enter the number of minutes in the range 1 - 480 to delay IP address reassignment.
Modes
The following table shows the modes in which this feature is available:
Address Pools
The IP Pool box shows each configured address pool by name, together with its IP address range, for
example: 10.10.147.100 to 10.10.147.177. If no pools exist, the box is empty. The security appliance
uses these pools in the order listed: if all addresses in the first pool have been assigned, it uses the next
pool, and so on.
If you assign addresses from a non-local subnet, we suggest that you add pools that fall on subnet
boundaries to make adding routes for these networks easier.
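
The effect of subnet boundaries on routing can be checked before a pool is configured. The following is an added example, not part of the Cisco guide: it compares the range quoted above with a constructed range that falls on a subnet boundary. The function name `analyze_pool` and the pool labels are hypothetical.

```python
import ipaddress

def analyze_pool(start, end):
    """Describe what routing a start..end address pool requires."""
    first, last = ipaddress.ip_address(start), ipaddress.ip_address(end)
    if first.version != last.version or last < first:
        raise ValueError(f"invalid pool range {start} to {end}")
    # Exact cover: the fewest CIDR prefixes that match the pool and nothing else.
    exact = list(ipaddress.summarize_address_range(first, last))
    # Single covering route: widen from a host prefix until the last address fits.
    cover = ipaddress.ip_network(str(first))
    while last not in cover:
        cover = cover.supernet()
    pool_size = int(last) - int(first) + 1
    return {
        "exact_routes": [str(n) for n in exact],
        "covering_route": str(cover),
        # Addresses the covering route attracts that are not in the pool.
        "extra_addresses": cover.num_addresses - pool_size,
        "on_subnet_boundary": len(exact) == 1,
    }

# The first range is the example shown in the guide; the second is constructed.
POOLS = {
    "guide-example": ("10.10.147.100", "10.10.147.177"),
    "aligned-pool": ("10.10.147.128", "10.10.147.191"),
}

if __name__ == "__main__":
    for name, (start, end) in POOLS.items():
        info = analyze_pool(start, end)
        print(f"{name}: {start} to {end}")
        print(f"  exact routes ({len(info['exact_routes'])}): "
              f"{', '.join(info['exact_routes'])}")
        print(f"  one covering route: {info['covering_route']} "
              f"(+{info['extra_addresses']} non-pool addresses)")
```

A pool that is not on a subnet boundary forces a choice between several exact routes and one wider route that also directs traffic for non-pool addresses toward the security appliance.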
Fields
Pool Name—Displays the name of each configured address pool.
Starting Address—Shows the first IP address available in each configured pool.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——