Solved

VPN Client Network Mask

Posted on 2004-08-14
8
425 Views
Last Modified: 2013-11-16
I have a Cisco VPN Concentrator 3000 series. I use Cisco VPN clients v4.x to connect. I am using a configured pool of addresses to dole out to the clients when they connect. I want the clients to get a specific mask as well but I am missing something.

I have defined a mask in the group configuration but my clients still get a mask based on the class of my IP pool.

How can I define a subnet mask for my VPN clients?
0
Comment
Question by:mousers
  • 4
  • 4
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 11802878
What version OS do you have on the 3000? I just upgraded one to 4.1.5 this morning and noticed that there is now a subnet mask setting for the address pool..
0
 

Author Comment

by:mousers
ID: 11803979
I have v4.0.1D. I'll try to grab the IOS and try to perform the upgrade tonight. Any gotchas you came accross?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 11809928
If you're using OSPF routing, I've found a glitch in the reverse rout injection.
Otherwise, it took all of 5 minutes.
Do you have any LAN-LAN tunnels set up, specifically to an IOS router? You might have to modify the router's config to add an isakmp keepalive. I found that out going from 4.0 to 4.1 a while back..
0
 

Author Comment

by:mousers
ID: 11810114
I have 4 LAN-LAN tunnels. I am trying to get the new IOS from Cisco TAC right now.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 79

Expert Comment

by:lrmoore
ID: 11810407
If your LAN-LAN tunnel terminates on a router, then you will need to add this command to the router.
isakmp keepalive 30

Else, the VPN will come up for a couple minutes then drop.

0
 

Author Comment

by:mousers
ID: 11811080
The remote end of the tunnel is a PIX 506e. I do seem to have problems with VPN clients having their connection dropped but the LAN-LAN tunnels seem ok.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 11811411
What version clients? I think there is a caveat that only 3.6+ is supported.
Highly suggest clients use 4.x
0
 

Author Comment

by:mousers
ID: 11813893
Thanks for the help. I have some remote offices who are in the middle of a big project so I'm not going to be able to do the upgrade till Thursday evening. I do have a work around for my delima until then.

Thanks again.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now