I have a question regarding IPSec VPN gateway. When my client uses a Cisco VPN client, I always get the first IP of my address pool as the default gateway. For example, if I assign the client IP in range 192.168.0.0/24, all the clients will get the default gateway of 192.168.0.1. Can we change this behavior to a particular IP?
Why would you want to change the default gateway to another IP? Let me ask you this: if you connect to the VPN and receive a /32 IP of 192.168.1.1, this IP is assigned to a virtual adapter on the client machine. If you change the DG to another IP, where does that IP exist? How does the VPN client know which interface/virtual adapter to encrypt and send the VPN traffic through to get to the remote end?
Yes, I understand. The problem is my ASA/VPN terminator is not using that IP address and it's already assigned to another device. The reason I want to change the IP is because I want to change it to use the ASA IP address.
I agree with Andrew's explanation. You can't change the VPN client GW to the ASA IP just because you want to change it, as you said above.
Logically, what you are saying is not even making sense. The traffic is initiated from your VPN adapter, which has a non-routable address on the internet. Moreover, to go encrypted, it has to be encapsulated to your client's public IP address, which will then reach the local ISP GW, then the ISP, and then, taking other hops, it would reach your ASA. By asking for your ASA's IP address as the GW for the VPN client, you are somewhat asking to have some IP address on the internet be your local VPN machine's IP address. Hence, this makes no sense.
Btw, by your statement "already assigned to another device", are you saying that 192.168.0.1 is already assigned to some other VPN device? If that's so, it does not matter, because the GW address that you see on the VPN client machine is specific to that machine only.
Hope the other side of the explanation makes sense to you and clarifies your doubt.
P.S. Please do rate this post if you find it helpful, to make it easier for others seeking answers to similar queries.
You are correct. Somehow I focused on the dummy gateway that the Cisco VPN client puts there. But I remember that the traffic to be put on the VPN interface is defined by the access-list in the tunnel properties. Thanks for the discussion, guys.
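As an added illustration of the point the thread settles on (this is example code written for this page, not from any poster and not Cisco's implementation): the gateway the client displays is derived from the pool and is only a placeholder on the virtual adapter, while the decision about which destinations are encrypted and sent through the tunnel comes from the split-tunnel access-list. The pool and the ACL networks below are constructed sample values, and the function names are this example's own.

```python
import ipaddress

# Constructed sample values for this example (not taken from the thread):
# the address pool configured for remote-access clients, and the networks
# listed in the split-tunnel access-list on the tunnel group.
POOL = ipaddress.ip_network("192.168.0.0/24")
SPLIT_TUNNEL_NETWORKS = [
    ipaddress.ip_network("10.10.0.0/16"),
    ipaddress.ip_network("172.16.5.0/24"),
]


def placeholder_gateway(pool):
    """Return the address the client shows as its default gateway.

    The client reports the first host address of the pool. It is a per-client
    placeholder on the virtual adapter; no device on the network has to own it,
    so the same 192.168.0.1 may be in use elsewhere without any conflict.
    """
    return next(pool.hosts())


def assigned_client_address(pool, index):
    """Return the /32 a given client receives from the pool (index 0 = first host)."""
    host = list(pool.hosts())[index]
    return ipaddress.ip_network(f"{host}/32")


def goes_through_tunnel(destination, split_networks, tunnel_all=False):
    """Decide whether traffic to `destination` is encrypted and sent via the tunnel.

    With tunnel-all (no split tunnel) everything is tunneled. Otherwise only
    destinations matched by the split-tunnel ACL are; everything else leaves
    the client's physical interface in the clear.
    """
    dst = ipaddress.ip_address(destination)
    if tunnel_all:
        return True
    return any(dst in net for net in split_networks)


def client_routes(pool, split_networks):
    """Model the routes the client installs: each ACL network via the placeholder.

    Returned as (network, gateway) string pairs. The gateway is the same dummy
    address for every route, which is why changing it buys nothing.
    """
    gw = str(placeholder_gateway(pool))
    return [(str(net), gw) for net in split_networks]


if __name__ == "__main__":
    print("client address :", assigned_client_address(POOL, 0))
    print("shown gateway  :", placeholder_gateway(POOL))
    for net, gw in client_routes(POOL, SPLIT_TUNNEL_NETWORKS):
        print(f"route {net} via {gw} (tunnel)")
    for dst in ("10.10.3.4", "172.16.5.9", "8.8.8.8"):
        where = "tunnel" if goes_through_tunnel(dst, SPLIT_TUNNEL_NETWORKS) else "clear"
        print(f"{dst:>12} -> {where}")
```

Running it shows that the internet destination is sent in the clear under split tunneling and through the tunnel only when `tunnel_all=True`, regardless of what the displayed gateway address is.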