Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
254
Views
0
Helpful
2
Replies

Concentrator assign client address different from hotel NAT?

rspchan00
Level 1
Level 1

‎06-01-2006 06:30 AM - edited ‎03-09-2019 03:06 PM

Is there a way to get the concentrator to assign the client a tunnel address that will not clash/overlap with the address/netmask that the client gets from the hotel or his/her SOHO NAT router?

I cannot predict the address/netmask the client will receive at the hotel and the user may not have the nous to configure his/her SOHO router.

I would like to configure the concentrator to automatically assign a non-overlapping address/netmask - multiple client address/netmask pools required here?

Labels:
0 Helpful
2 Replies 2

thanekamp
Level 1
Level 1

‎06-01-2006 06:04 PM

If you are asking if there is a way for the concentrator to detect an overlapping LAN range with its primary DHCP scope and then shift to a secondary scope the answer is no.

The best bet is to just pick a range that is less likely to be used, (e.g. 172.31.255.0/24 and not 192.168.1.0/24)

0 Helpful

rspchan00
Level 1
Level 1
In response to thanekamp

‎06-02-2006 07:58 AM

Yes - this is what I'm trying to do - for example a concentrator can use a DHCP server and IPSEC IKE(v2) can now assign the inner IP address to the client.

But if the VPN server isn't aware of the client's outer configuration (maybe also a private IP address assigned by a hotel or other Internet POP) the inner configuration may overlap.

What do you folks practice to handle your road warrior colleagues? Have you ever run into this overlapping subnet problem?

0 Helpful
Customers Also Viewed These Support Documents