My environment makes it necessary that client version 4.0.3 gets a 24-bit subnet mask for the virtual interface, which is given an address from a 10.0.0.0/24 pool from the PIX. I tested with VPN3000 too, but the client assigns an 8-bit mask itself. So I cannot access the other 10.0.0.0 subnets on the client site, hence the routing problem.
In debugs I found out that the client does not request a subnet mask (no INTERNAL_IPV4_NETMASK requested in mode config).
Is it right that it is not possible to assign the client a subnet mask from an EZVPN concentrator device, or are there solutions?
VPN clients should get a /32 subnet mask - 255.255.255.255, or whatever the SM of the inside interface is. I get a /32 statement for the outside 3000 interface, and the appropriate subnet mask for the inside one. This is with 4.02b on my laptop. I doubt 4.03 should be different.