VPN user IP registration incorrect

smiths@prpa.org · ‎04-01-2010

Hi VPN Group,

I've at least one user who works from home a fair amount, has a new PC with Windows XP, latest service packs and is using the Cisco VPN 5.x client to connect to our VPN 3000 concentrator. The user's home network is using the 192 IP scheme and our VPN connection network is using a 10.X scheme. When the user connects her registered IP is her 192 from her home network. That's causing issues with her ability to use applications while connected via VPN...we have to manually change her IP number in DNS. None of the ipconig /register suggestions by MS works, rebooting her PC, etc., doesn't remedy the problem.

Any suggestions would be appreciated.

~Steve

Federico Coto Fajardo · ‎04-01-2010

Hi,

The remote user has an IP 192.x.x.x

The 3000 should assign from a pool an IP from the 10.x.x.x network when it connects via VPN.

In this way, when connected via VPN, the remote client will work with an address belonging to 10.x.x.x

In this scenario, she should still be able to work through the tunnel, to the internet and locally.

The question is:

Do you have split tunneling configured? Is she sending all IP traffic through the tunnel (or only the traffic intended to the VPN headend)?

You can choose which IP to assing to the client and which traffic to send through the tunnel to avoid any conflict between IPs.

Federico.

smiths@prpa.org · ‎04-01-2010

Federico,

Yes, the VPN should assign her a 10.X address, but for whateve reason its not. No other user has this issue. Other users login and get assigned the proper 10 dot address while connected to our VPN. We do not have split tunneling applied as a matter of policy.

~Steve

Federico Coto Fajardo · ‎04-01-2010

Is she connecting to a separate independent VPN group from all the other clients?

If this is the case, perhaps there's a policy for that group to not assign an IP address?

Federico.

smiths@prpa.org · ‎04-01-2010

No, our corporate people all connect to one VPN and using one corporate VPN policy.

Federico Coto Fajardo · ‎04-01-2010

Check if there's any difference on the user profile configuration for her from the other clients.

The per-user policies override the global policies for VPN.

Federico.

smiths@prpa.org · ‎04-01-2010

No, our corporate people all connect to one VPN and using one corporate VPN policy.

Federico Coto Fajardo · ‎04-01-2010

Is this something particular to her machine?

If she attempt to connect from the same location with a different computer, the same thing happen?

Or if she attempts to connect with the same machine from a different location?

Federico.

slmansfield · ‎04-01-2010

Did you look at the logs on the concentrator and the client? Was this client working successfully before the new PC? Is the address being assigned by the VPN concentrator, a DHCP server or an authentication server?

Here's an example of setting up address assignment on the concentrator, along with some troubleshooting tips.

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_configuration_example09186a008026f96c.shtml

HTH