Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is there still any connection issue for VPN client using private IP

Hi There,

i have a general question about the VPN clients. As a fact we all know that when we are using remote vpn client at home, we are actually sitting on 192 or 172 private network. and it works all fine. So here is the question, there was once that some vpn client must have public IP to make the connetion. i remember it was related to self IPsec or sth like.  Does the same problem still existing in modern world's vpn clients?

the reason why I'm asking is that we are currently redesigning our networks for all the branch sites. before we were assigning /24 public IP's to the sites since the users will have vpn connection issues sometimes. I'm looking into changing all the sites to be on 10.x subnet, but would like to verify if the VPN issue still exists.

would like to hear your experience.

sincerely Thanks

5 REPLIES
New Member

Is there still any connection issue for VPN client using private

A CLIENT to SERVER VPN configuration needs to have the SERVER/VPN head-end with a static, public IP ADDRESS That is accessible to the VPN client from wherever it may be located. The Client itself can sustain a connection so long as the Dynamic IP Address does not change for pretty much an entire work session. Typically anyone launching a soft/vpn client aren't going to be on it indefinitely so that means a dynamic public IP NAT'd is fine. I would say if I am understanding the question correctly that you are good to go with a Dynamic IP Address at the remote/branch/client side of the equasion provided you aren't trying to do any permanent GRE-tunneling which would then require 2 static/public IP Addresses respectively.

Does that help? IF not, can you please rephrase the question?

Josh

New Member

Is there still any connection issue for VPN client using private

Thanks a lot.

Actually we are concerning about the remote vpn access by individual users. Such as ppl using Cisco VPN client or any of other VPN clients on their laptops. A few years ago, we were seeing ppl came onto our sites and ran into problems when trying to use their own vpn clients. We ended up to provide them static public IP to make it work. but I never saw same issue in recent years. now we are trying to take back all those public IP's we assigned to all the branch sites for onsite visting users. the question is if there would still be issues when clients are trying to use their own VPN client when on privated IP range such as 10 or 172.16?

Did you guys see any similar issue in recent years?

New Member

Is there still any connection issue for VPN client using private

btw, the private IP I'm referring to is only on the client laptop side. not the VPN server end. does the vpn end user needs to have their laptops on public IP in certain circumstance in recent years?

New Member

Is there still any connection issue for VPN client using private

No, there is NO issue with using an internal / private IP ADDRESS scheme for "other" VPN Clients. The issue and most likely why you had to use a PUBLIC IP ADDRESS was your Firewall and it blocking ports on different VPN platforms, so you simply by-passed the issue i.e. the Firewall. In fact, I've never had an issue with internal to external IP Address translation/routing in regards to VPN but then again I haven't used every VPN appliance out there.

Hopefully this helps, you should be just fine using an internal private scheme to external IP ADDRESS translation without worrying. It's made so easy these days..

Hope that helps Marcus - Please check off "Correct answer" if I helped you.

New Member

Is there still any connection issue for VPN client using private

This is the description I get from the download option. Does this look right as the right version? Doesn't say VPN.

The admin bundle installation allows an administrator to configure interfaces, VLANs, static routes, manage users, create new end user views, configure any IOS cli, configure Plug-n-Play gateway, Wi-Fi and perform basic troubleshootin
302
Views
0
Helpful
5
Replies
CreatePlease to create content