Same network on client side and LAN side of VPN concentrator
DComTalk.com Forum Index DComTalk.com
Discussion of VoIP, VPN, Video Conferencen, DSL and other data commucations.
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web dcomtalk.com
Same network on client side and LAN side of VPN concentrator

 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco
Author Message
binand@gmail.com
Guest
Posted: Wed Dec 15, 2004 10:33 am    Post subject: Same network on client side and LAN side of VPN concentrator Reply with quote
Hi All,

I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
installed on my notebook. What I want to do is to use the same netblock
on the private side of the concentrator and on the client side. Here is
how it looks:

VPNc Private Interface: 10.10.10.49
Server on the Private side: 10.10.10.5
My notebook (VPN client): 10.10.10.151

I authenticate, get the IP address, tunnelled netblocks are setup etc.
all fine. But I cannot access the server. When I ping from my notebook,
I see on the server:

[root@legolas root]# tcpdump -nn src or dst 10.10.10.151 and proto
\\icmp
tcpdump: listening on eth0
00:18:13.291526 10.10.10.151 > 10.10.10.5: icmp: echo request
00:18:13.291546 10.10.10.5 > 10.10.10.151: icmp: echo reply

That is, the server gets the ping requests from my notebook and
responds properly. But on the client, I do not get ping replies:

C:\Documents and Settings\binand>ping 10.10.10.5

Pinging 10.10.10.5 with 32 bytes of data:

Request timed out.

On both the server and the client, I can also see that the ARP table
shows the VPNc's MAC address for the other's IP address.

I am sure this is a configuration problem somewhere, but I cannot
figure out where. I am running vpn3000-4.1.7.B-k9.bin on the
concentrator and the client is VPN Client V 4.0.1 (Rel). It is running
on Windows XP SP2 (does SP2 makes a difference?).
Any help will be appreciated.

TIA,

Binand
Back to top
Walter Roberson
Guest
Posted: Wed Dec 15, 2004 10:48 am    Post subject: Re: Same network on client side and LAN side of VPN concentr Reply with quote
In article <1103088782.933683.192450@z14g2000cwz.googlegroups.com>,
binand@gmail.com <binand@gmail.com> wrote:
:I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
:installed on my notebook. What I want to do is to use the same netblock
:on the private side of the concentrator and on the client side. Here is
:how it looks:

:VPNc Private Interface: 10.10.10.49
:Server on the Private side: 10.10.10.5
:My notebook (VPN client): 10.10.10.151

If you are using the 10 address range, you could be hitting the
difficulty that by default the IP address constructed for the
link is "classful". You might be expecting 10.10.10/24 as your
network, but your might be getting 10/8 at one or both of the
ends instead. That will foul up ARP broadcasts to locate the
destination.

I understand that in very recent releases of the VPN concentrator
software, you can configure the netmask to be returned for the
tunnel IP. I haven't used a VPN concentrator, though, so I could
be wrong; I'm going by memory of the release notes of the
corresponding new feature in the latest Cisco PIX firewall software.

--
csh is bad drugs.
Back to top
 
Post new topic   Reply to topic    DComTalk.com Forum Index -> Cisco All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




VoIP Solutions: Telephone Systems Electronics Satellite TV Tech & Gadgets
Powered by phpBB