cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
327
Views
0
Helpful
4
Replies

non-contiguous address pools

mchockalingam
Level 1
Level 1

Hi All,

We have a VPN 3020 concentrator used for remote access. We are running out of IP addresses and so I am thinking of expanding the pool. Right now, the inside interface is x.x.24.9 and the tunnel default gateway is x.x.24.1. Now, I need to add x.x.22.0/24 for additional address space. What configuration do I need so that the address pool can be expanded.

Any help would be appreciated.

Meena

4 Replies 4

What is the subnet mask of your inside interface.

If you have a single inside subnet you can just change your net mask for a /20 (255.255.240.0) to include your .20.x and .24.x range. This is the way to expanded IP subnets. But you'll have to change the netmask on all your inside nodes. If you can't, you'll have to create another subnet for your .20.x and does some routing between your subnets. But don't bother with your adresse space, you have the more scalable private class (10.0.0.0/8). But use it wisely.

The subnet mask is /24. I cannot expand it to /23 since it is already taken. SO, the second address pool range will be a non-local subnet to the concentrator. For example, the first address pool has x.x.24.11 through x.x.24.254 and the inside interface address of the concentrator is x.x.24.9 with the tunnel default gateway of x.x.24.1.

Now, I need to add a second pool x.x.22.0/24. Since it is non-local to the VPN, I need to add static routes for this subnet on the inside network to point to the concentrator. correct?

If your concentrator is your inside gateway, you don't have to add static route in your inside network because all requested IP that are not in your inside subnet will be send to your concentrator. The static route must be entered in your concentrator.

Is your 24.1 the concentrator outside interface

Can you attached a jpg of your concentrator's connected subnet please. It's hard to make a right decision about addressing without diagram.

The 24.1 is the concentrator's inside interface. The original pool was on the 24.x range but now I added a non-local subnet for the address pool. For this, I added a static route on the inside router to point to the concentrator. Now I see clients getting addresses from the new pool I and they are working fine.

Thanks for your help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: