The tunnel default gateway must be an internal router on your own site which is on the same subnet as the private interface of the VPN Concentrator. Add specific host routes with a destination of the Tunnel Default Gateway for the IP addresses of the machines that need to be reached by clients on the Public side of the Concentrator. This will of course prevent proper communication from the Concentrator to these machines but will allow the clients access.
I have the public IP on the VPN concentrator as 10.10.224.15/22. I have the private (inside) IP as 10.10.228.11/22. I have the client VPN pool defined as 10.10.228.25 - 10.10.231.250, which is on the same subnet as the inside interface.
Will the VPN concentrator proxy ARP for the VPN client addresses? Or do I need to assign the client pool from a different subnet, say 10.10.232.0/22?