Cisco Support Community

New Member

VPN Client Pools with Pix vs. VPN 3005

I've noticed that the sample configs for the Pix as VPN Head-end are different from the VPN 3005 config samples. While both work fine if the VPN device is reachable from the default network, the Pix config doesn't work well if there's another router on the network which the internal machines are using as a default gateway.

The VPN 3005 configurations for VPN Software clients utilize a client IP pool from the inside interface of the VPN 3005, and the VPN 3005 then Proxy-Arps for these clients -- this is handy because it will work without having to change all of the internal client machines to a new default gateway.

However, the Pix config examples always seem to use a different IP subnet for the VPN Client pool, which then requires either pointing all internal machines to the Pix for their default gateway, or adding another route statement to whatever device is the internal default gateway for servers.

My question is: Is it possible to define a Pix VPN client pool from the inside interface's subnet, and if so will the pix then Proxy Arp for those VPN clients the same way the 3005 does? The Docs for the Pix don't seem to give any requirements one way or the other for the Pix's VPN client pool.

New Member

Re: VPN Client Pools with Pix vs. VPN 3005

I have always configured a separate IP POOL of addresses for incoming clients on a PIX. It may be because of the Proxy arp, but without configuring it this way the clients cannot access resources inside the LAN.


