×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

VPN IP ASSIGNMENT ISSUE

Unanswered Question
May 23rd, 2002
User Badges:

Here is my situation:


Outside VPN IP: 210.140.50.80-85 (using ficticious addresses as to not reveal my addresses))

Inside VPN IP: 192.168.190.253

Outside Trusted network router: 192.168.190.254

Inside trusted network: 192.1.1.X


IGR using 210.140.50.80

PIX outside interface 210.140.50.81

Email server 210.140.50.82

NAT for browsing 210.140.50.83

210.140.50.84-85 Used for VPN clients no NAT


How do I allow more than just two VPN connections? Do I have to have a valid IP address for each client that connects or is thier something I should be doing with NAT here? Clients are connecting to the 210.140.50.81 address than taking an address from the pool that includes 210.140.50.84-85. Is there a way to hand them off to my trusted network for IP assignment?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jfrahim Thu, 05/23/2002 - 12:23
User Badges:
  • Cisco Employee,

I am not sure if I am following your topology properly. Can you describe your topology better .. I am not sure how your pix firewall is connected to the VPN, and sure what VPN devices are you using ( 3000 concentrator, 5000 concentrator, pix, IOS )

Thanks


Jazib

tmickle Thu, 05/23/2002 - 13:35
User Badges:

I changed all the IP addresses these are all fake but it is the same topology


Hopefully this explains it a bit better:


(INTERNET)

||

\/

(IGR) --> 206.140.80.80

||

\/

(PIX 515E) --> [OUT INT]206.140.80.81 [IN INT]192.168.190.253

||

\/

(TRUSTED ROUTER) --> [LAN 1]192.168.190.254 [LAN 2]192.1.1.13

||

\/

(TRUSTED NETWORK) --> 192.1.1.0


The PIX 515E is running VPN and Firewall services


For the client side I am running Cisco 3.5.1


I am assigning the VPN clients an ip address from a pool of addresses (206.140.80.82-84). Problem is I want to have 10 clients connect to the VPN possibly at the same time on some occasions but only have 3 IP addresses . Do I have to assing each client a seperate IP address or can I do nat or pat or something.


Hope that clears it up

Actions

This Discussion