Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ovt Bronze
Bronze

Again: pushing netmask via ModeCfg (ATN: gfullage !)

Hi!

I'm sure this has been discussed multiple times here.

I know, there is no attribute in ModeCfg such as "subnet mask" and it is not possible to send subnet mask to the VPN client. Subnet mask is assigned by Windows according to the IP-address class.

One possible problem with this design is "Office Mode" support. "Office mode" (thanks Checkpoint) means that we borrow IP-addresses from the corporate network (the network behind VPN3000 or such). So, VPN clients appear on the same subnet as corporate servers, etc.

In this case, if netmask is incorrect, directed broadcast address is incorrect also and we end up with NetBIOS over TCP/IP not working properly.

So, taking above into consideration, the question is: what is the recommended design for Cisco VPNs? Should one always use separate IP subnet as address pool? Does VPN 4.x client support "Office mode"? Can it forward NetBIOS directed broadcasts via the tunnel? (3002 do this well.)

I think this is important design question.

Regards,

Oleg Tipisov,

REDCENTER,

Moscow

115
Views
0
Helpful
0
Replies
CreatePlease login to create content