Re: VPNClient V4.0.x and client netmask

jeff_green · ‎05-19-2003

Hi,

I've set up a VPN using PIX 6.3(1) and VPNClient using the vpngroup

commands on the PIX , client IPs are allocated out of an IP pool.

Using w2K and VPNClient v4.0.1 - everything works fine.

I'm using 10.x.y.z IPs for all my internal networks (including the IP pool) and

I've noticed that when the tunnel is up, the IP netmask on the client is set to

255.0.0.0.

Is this "correct" ?

I'd expect to be able to specify this using a vpngroup command but I

can't find anything in the PIX6.3(1) docs.

Many Thanks,

gfullage · ‎05-21-2003

The mask is not set anywhere by the VPN client or the VPN termination device. The underlying operating system (Windows) sets this mask automatically, and it simply uses a class A mask for a class A network, etc.

The mask doesn't really matter though. The VPN client simply forwards packets onto the corporate network, these packets will have a source address of whatever IP address the client was given out of the pool. The subnet mask doesn't come into it. As long as your corporate network has a route back to this VPN address that eventually leads back to the PIX, then everything will work.

The only issue this could cause is if you have a local network at your home where the PC is, and it is also a 10.x.x.x network, Windows may end up trying to route local packets over the VPN. Other than that though, the subnet mask really doesn't come into it, so don't worry too much about it.