iPad AnyConnect problem with IP address

Jan 11th, 2012
I can connect a user's iPad just fine using AnyConnect; however, they cannot connect to any resource on the company network.

I found that the user's home network was also using 192.168.1.xxx, the same as my company's network. My firewall is assigning 172.16.16.xxx to VPN clients.


If I change my user's home network to something other than 192.168.1.xxx, e.g. 10.0.0.1, then I can connect to our intranet page at work, we can RDP to workstations, etc.


My only problem with this workaround is:

1. I'm not about to change my company's internal IP scheme just for 1 or 2 users.

2. These users will likely use internet from different locations, where most access points use 192.168.1.xxx IP schemes, at hotels and conference centers etc.


So is there any way to force the iPad to send all traffic over the VPN tunnel?


Here is some maybe important info:

- Not using certificates (no connect on demand)
- Not split tunneling, so web browsing on home internet not allowed while connected to VPN
- Using RSA tokens
- ASA 5500 firewall
- My SSL is self-signed, not a store-bought one from VeriSign or something like that.


Thanks in advance for any info.

werowance Thu, 01/12/2012 - 06:46
Well, but what about this: "The AnyConnect Software should use a pool IP from the firewall, so the local network should not matter." The firewall assigns everyone 172.16.16.XXX. Wouldn't that take care of not having to NAT the internal network?


I'm asking, not arguing, and appreciate all help.

Thanks

Hi Brian,


I thought your problem is that your internal LAN IP subnet clashes with users' home LANs? Even if you give them an IP address of 1.1.1.0/24, when they want to access something over the VPN to your internal LAN, and that IP address happens to be the same as their home network - it will fail!

werowance Thu, 01/12/2012 - 07:02
Ah, OK, I guess why I am questioning it so much is that a Windows PC on the same home network using AnyConnect VPN works fine; just the iPad doesn't like it. So I was hoping it was just an AnyConnect setting on the iPad that needed to be changed.


Maybe it's just the way Apple handles networking and VPN differently than a Windows computer. I'll give the NAT a shot. It just takes an act of Congress to make a firewall change here at work since we farmed control of it out to a security company.

werowance Thu, 01/12/2012 - 08:56
I never said it wasn't a must-have! Just said it would take a while to get the changes made and thus posting back results.


Anyone else out there have an answer as to why a Windows PC works fine when using the same IP scheme at home and at work without NATting the traffic?
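
The subnet clash discussed in this thread, as an added example that is not from any poster: a simplified longest-prefix-match model of a full-tunnel client's routing table, showing that a corporate host in 192.168.1.0/24 matches the on-link home LAN route before the VPN default route. The routing table, the host 192.168.1.50 and the function names are constructed assumptions; real clients may treat the local LAN route differently, which this model does not capture.

```python
import ipaddress

def client_routes(home_lan, vpn_pool="172.16.16.0/24"):
    """Constructed routing table for a full-tunnel VPN client (assumption)."""
    return [
        (ipaddress.ip_network(home_lan), "wifi"),    # on-link home LAN
        (ipaddress.ip_network(vpn_pool), "vpn"),     # pool assigned by the firewall
        (ipaddress.ip_network("0.0.0.0/0"), "vpn"),  # full-tunnel default route
    ]

def select_interface(dest, routes):
    """Longest-prefix match: the most specific route containing dest wins."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, iface) for net, iface in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def lan_conflicts(home_lan, corporate_lan):
    """True when the home LAN and the corporate LAN share any addresses."""
    home = ipaddress.ip_network(home_lan)
    return home.overlaps(ipaddress.ip_network(corporate_lan))

if __name__ == "__main__":
    corp_lan = "192.168.1.0/24"   # company network from the thread
    corp_host = "192.168.1.50"    # constructed intranet host
    for home in ("192.168.1.0/24", "10.0.0.0/24"):
        iface = select_interface(corp_host, client_routes(home))
        print(f"home LAN {home}: conflict={lan_conflicts(home, corp_lan)}, "
              f"{corp_host} leaves via {iface}")
```

The VPN pool address (172.16.16.xxx) only sets the client's source address inside the tunnel; the destination lookup is what the overlap affects.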
