• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 533
  • Last Modified:

VPN Client Network Mask

I have a Cisco VPN Concentrator 3000 series. I use Cisco VPN clients v4.x to connect. I am using a configured pool of addresses to dole out to the clients when they connect. I want the clients to get a specific mask as well but I am missing something.

I have defined a mask in the group configuration but my clients still get a mask based on the class of my IP pool.

How can I define a subnet mask for my VPN clients?
0
mousers
Asked:
mousers
  • 4
  • 4
1 Solution
 
lrmooreCommented:
What version OS do you have on the 3000? I just upgraded one to 4.1.5 this morning and noticed that there is now a subnet mask setting for the address pool..
0
 
mousersAuthor Commented:
I have v4.0.1D. I'll try to grab the IOS and try to perform the upgrade tonight. Any gotchas you came accross?
0
 
lrmooreCommented:
If you're using OSPF routing, I've found a glitch in the reverse rout injection.
Otherwise, it took all of 5 minutes.
Do you have any LAN-LAN tunnels set up, specifically to an IOS router? You might have to modify the router's config to add an isakmp keepalive. I found that out going from 4.0 to 4.1 a while back..
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
mousersAuthor Commented:
I have 4 LAN-LAN tunnels. I am trying to get the new IOS from Cisco TAC right now.
0
 
lrmooreCommented:
If your LAN-LAN tunnel terminates on a router, then you will need to add this command to the router.
isakmp keepalive 30

Else, the VPN will come up for a couple minutes then drop.

0
 
mousersAuthor Commented:
The remote end of the tunnel is a PIX 506e. I do seem to have problems with VPN clients having their connection dropped but the LAN-LAN tunnels seem ok.
0
 
lrmooreCommented:
What version clients? I think there is a caveat that only 3.6+ is supported.
Highly suggest clients use 4.x
0
 
mousersAuthor Commented:
Thanks for the help. I have some remote offices who are in the middle of a big project so I'm not going to be able to do the upgrade till Thursday evening. I do have a work around for my delima until then.

Thanks again.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now