non-contiguous address pools

Sep 25th, 2006

Hi All,


We have a VPN 3020 concentrator used for remote access. We are running out of IP addresses and so I am thinking of expanding the pool. Right now, the inside interface is x.x.24.9 and the tunnel default gateway is x.x.24.1. Now, I need to add x.x.22.0/24 for additional address space. What configuration do I need so that the address pool can be expanded?


Any help would be appreciated.


Meena

martindesrosiers Tue, 09/26/2006 - 04:54

What is the subnet mask of your inside interface?


If you have a single inside subnet you can just change your netmask to a /20 (255.255.240.0) to include your .20.x and .24.x range. This is the way to expand IP subnets. But you'll have to change the netmask on all your inside nodes. If you can't, you'll have to create another subnet for your .20.x and do some routing between your subnets. But don't bother with your address space, you have the more scalable private class (10.0.0.0/8). But use it wisely.

mchockalingam Tue, 09/26/2006 - 05:36

The subnet mask is /24. I cannot expand it to /23 since it is already taken. So, the second address pool range will be a non-local subnet to the concentrator. For example, the first address pool has x.x.24.11 through x.x.24.254 and the inside interface address of the concentrator is x.x.24.9 with the tunnel default gateway of x.x.24.1.


Now, I need to add a second pool x.x.22.0/24. Since it is non-local to the VPN, I need to add static routes for this subnet on the inside network to point to the concentrator. Correct?

martindesrosiers Wed, 09/27/2006 - 04:30

If your concentrator is your inside gateway, you don't have to add a static route in your inside network because all requested IPs that are not in your inside subnet will be sent to your concentrator. The static route must be entered in your concentrator.


Is your 24.1 the concentrator outside interface?


Can you attach a jpg of your concentrator's connected subnet please? It's hard to make the right decision about addressing without a diagram.

mchockalingam Wed, 09/27/2006 - 11:33

The 24.1 is the concentrator's inside interface. The original pool was on the 24.x range but now I added a non-local subnet for the address pool. For this, I added a static route on the inside router to point to the concentrator. Now I see clients getting addresses from the new pool and they are working fine.


Thanks for your help.
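
The routing decision worked out in this thread, as an added example that is not part of the original discussion: it decides which address pools fall outside the concentrator's connected inside subnet and therefore need a static route on the inside router, and computes the single mask that would cover both ranges. The 10.10.x.x addresses are constructed stand-ins for the masked x.x prefix, the next hop is assumed to be the inside interface address given in the question, and the function names are hypothetical.

```python
import ipaddress


def covering_network(first, last):
    """Smallest single CIDR block that contains both addresses."""
    net = ipaddress.ip_network(f"{ipaddress.ip_address(first)}/32")
    target = ipaddress.ip_address(last)
    while target not in net:
        net = net.supernet()  # widen the mask by one bit
    return net


def static_routes(inside_if, pools):
    """Return (destination, next_hop) routes the inside router needs.

    inside_if: concentrator inside interface, e.g. "10.10.24.9/24"
    pools:     list of (first_address, last_address) pool ranges
    """
    iface = ipaddress.ip_interface(inside_if)
    routes = []
    for first, last in pools:
        net = covering_network(first, last)
        if net.subnet_of(iface.network):
            continue  # local pool: inside hosts reach it directly
        if net.overlaps(iface.network):
            raise ValueError(f"pool {first}-{last} straddles {iface.network}")
        # Non-local pool: inside hosts need a route back to the concentrator.
        routes.append((str(net), str(iface.ip)))
    return routes


# Constructed sample values mirroring the thread's layout.
INSIDE_IF = "10.10.24.9/24"
POOLS = [
    ("10.10.24.11", "10.10.24.254"),  # original pool, local to the inside subnet
    ("10.10.22.1", "10.10.22.254"),   # new pool, non-local
]

if __name__ == "__main__":
    for dest, hop in static_routes(INSIDE_IF, POOLS):
        print(f"route {dest} via {hop}")
    # Alternative from the first reply: one mask wide enough for both ranges.
    wide = covering_network("10.10.22.0", "10.10.24.255")
    print(f"single subnet covering both: {wide} ({wide.netmask})")
```
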
