09-10-2007 01:29 AM - edited 03-05-2019 06:22 PM
Hi all, can anyone tell me why a VPN client has itself as a gateway and uses a 32-bit mask? Is this so it's on its own network, and all traffic goes out the virtual VPN interface? Also, how come the firewall does not have an interface on the same scope as my DHCP? How does the traffic get to it, as it has no IP in the range?
09-10-2007 05:48 AM
Carl,
Once the VPN connection is established, the IP address they get from the pool will become the DG. The clients actually do not need to be assigned the internal network's default gateway. Clients should be able to reach all the devices on the network if you have the proper route for the IP pool of clients, on the internal devices, sending the traffic back to the PIX.
Basically, all encrypted traffic should go through the Virtual Adapter or Virtual Interface (VI) that is created once the tunnel is negotiated.
That Virtual Interface will get an IP address from the pool and that same IP will become the DG. All encrypted traffic should be sent over the VI to the PIX firewall.
This behavior has been changed in Vista.
Vista wouldn't allow a default gw pointed directly at one of its own interfaces (the VPN Client's previous behavior). So the VPN Client now picks another address on the assigned network as its default gw.
Regards,
~JG
09-10-2007 05:58 AM
What if the address it picks is already in use by another machine? Or does the firewall handle this?
09-10-2007 06:03 AM
It will never pick the IP that is already in use by another machine. The firewall will take care of this.
Regards,
~JG