vpn clients pinging gateway

carl_townshend · ‎09-10-2007

Hi all, Can anyone tell me why on a vpn client, it has itself as a gateway and uses a 32 bit mask, is this so its on its own network, and all traffic goes out the virtual vpn interface ? also how come the firewall does not have an interface on the same scope as my dhcp ? how does the traffic get to it as it has no ip in the range ??

Jagdeep Gambhir · ‎09-10-2007

Carl,

Once the vpn connection is established, the ip address they get from the pool will become the DG. The clients actually does not need to be assigned the internal network's default gateway. Clients should be able to reach all the devices on the network if you have the proper route for the ip pool of clients ,on the internal devices, sending the traffic back to the pix.

Basically all encrypted traffic should go thru the Virtual Adapter or Virtual Interface (VI) that is created once the tunnel is negociated.

That Virtal Interface will get an ip address from the pool and that same ip will become

the DG. All encrypted traffic should be sent over the VI to the Pix firewall.

This behavior has been changed in Vista.

Vista wouldn't allow a default gw pointed directly at one of it's own interfaces (the VPN Client's previous behavior). So the VPN Client now picks another address on the assigned network as it's default gw.

Regards,

~JG

carl_townshend · ‎09-10-2007

what if the address it picks is already in use by another machine? or does the firewall handle this ?

Jagdeep Gambhir · ‎09-10-2007

It will never pick the IP that is already in use by another machine. Firewall with take care of this.

Regards,

~JG