Define Inside Address Assignment Method

Nov 14,2009 by alperen


Remote users have network addresses associated with their local network or, more likely, their ISP network. To function within the private network (LAN), it’s necessary to assign suitable “inside” addresses to these users. Conceptually, this is similar to a reverse NAT.

Use the Configuration | System | Address Management | Assignment menu to define how remote users are assigned addresses within the private network. The screen shown in Figure 14-18 is used to select prioritized methods for assigning IP addresses to clients as a tunnel is established. The Concentrator tries the selected methods in the order listed until it finds a valid IP address to assign. At least one method must be selected; if several are selected, they are evaluated in that order. There is no default method. The figure shows an address pool defined on the VPN Concentrator being used.

Figure 14-18: Selecting an inside address assignment method for remote users

Four possible methods exist for assigning addresses to the remote users:

  • Use Client Address—enables the client to specify its own IP address. This isn’t a good security strategy. Don’t use this option for IPSec because IPSec doesn’t allow client-specified IP addresses.

  • Use Address from Authentication Server—used to assign IP addresses retrieved from an authentication server (AAA) on a per-user basis. This is the preferred and most secure method, if an authentication server (external or internal) is being used.

  • Use DHCP—used to obtain IP addresses from a DHCP server. This is the most manageable and the most scalable of the two remaining options available to IPSec networks.

  • Use Address Pools—used to have the VPN Concentrator assign IP addresses from an internally configured pool. Internally configured address pools are the easiest method of address pool assignment to configure. Use the Configuration | System | Address Management | Pools screens covered in the next section to define and prioritize the address pools.

If the assignment method uses addresses that aren’t from the local subnet on the private interface, then it’s necessary to add routing for those subnets.
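The routing requirement above can be checked before a pool goes into service. The following Python check is an added example, not part of the original article: it reports every pool range that has addresses outside the private interface subnet, along with the smallest single prefix that needs a route. The function names, the interface address and the pool ranges are all constructed for illustration.

```python
import ipaddress

def covering_network(lo, hi):
    """Smallest single CIDR block containing both lo and hi."""
    net = ipaddress.ip_network(f"{lo}/{lo.max_prefixlen}")
    while hi not in net:
        net = net.supernet()
    return net

def pools_needing_routes(private_if, pools):
    """Return (first, last, route) for every pool with addresses off the private subnet.

    private_if: private interface address and mask, e.g. "10.1.1.1/24"
    pools: list of (first_ip, last_ip) range strings
    """
    local = ipaddress.ip_interface(private_if).network
    findings = []
    for first, last in pools:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            raise ValueError(f"pool {first}-{last}: start is after end")
        # Split the range into CIDR blocks so that a range straddling the
        # subnet edge is caught, not only ranges that are entirely outside.
        outside = [b for b in ipaddress.summarize_address_range(lo, hi)
                   if not b.subnet_of(local)]
        if outside:
            # Cover only the part of the range that is off the local subnet.
            route = covering_network(outside[0].network_address,
                                     outside[-1].broadcast_address)
            findings.append((first, last, route))
    return findings

# Constructed sample values, not taken from the article
PRIVATE_IF = "10.1.1.1/24"
POOLS = [
    ("10.1.1.100", "10.1.1.150"),   # inside the private subnet: no route needed
    ("10.1.2.1", "10.1.2.254"),     # entirely outside the private subnet
    ("10.1.1.200", "10.1.2.50"),    # straddles the subnet boundary
]

if __name__ == "__main__":
    for first, last, route in pools_needing_routes(PRIVATE_IF, POOLS):
        print(f"pool {first}-{last}: routing must be added for {route}")
```

The same check applies to addresses handed out by DHCP or an authentication server: pass the scope or per-user ranges in place of the pool ranges.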

