Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP Address Range for SSL users

based on the admin manual when creating the IP address range for the SSL users you should either use a different subnet range or a portion of your internal range that does not overlap with the subnet. with all 3 devices i used to be able to do that example of this, the range from X.X.X.225 to X.X.X.254 is excluded from my DHCP server so this was allocated to the SSL clients. the problem i now have is i changed the subnet address scheme on one of my sa 520 devices and all was fine the LAN address is fine until i try to allocate the SSL IP address range to the new subnet and again use the X.X.X.225 to X.X.X.254 it gives a error saying it "The subnet specified is same as LAN/VLAN subnet, Please specify a different subnet" but according to the the manual which this next part is copied from i should be able to do this unless im reading it incorrectly

"Make sure that the virtual (PPP) interface address of the VPN tunnel client does not

conflict with the address of any physical devices on the LAN. The IP address

range for the SSL VPN virtual network adapter should be either in a different

subnet or non-overlapping range as the corporate LAN"

the range does not conflict with any devices and is non overlapping.



IP Address Range for SSL users


First it's just easiest to change the SSL ip dhcp range to a different subnet. Now as for non-overlapping if you're LAN address is and you're trying to specify SSL ip address within that range then this would be considered overlapping. Unless you changed /24 subnet mask to something different. Now as far as you use to be able to, there was an bug that would allow overlapping of subnet's as you know this can cause trouble with networking and needed to be fixed.


CreatePlease login to create content