Same network on client side and LAN side of VPN concentrator

Post by Walter Robers » Thu, 16 Dec 2004 14:48:36




:I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
:installed on my notebook. What I want to do is to use the same netblock
:on the private side of the concentrator and on the client side. Here is
:how it looks:

:VPNc Private Interface: 10.10.10.49
:Server on the Private side: 10.10.10.5
:My notebook (VPN client): 10.10.10.151

If you are using the 10 address range, you could be hitting the
difficulty that by default the IP address constructed for the
link is "classful". You might be expecting 10.10.10/24 as your
network, but you might be getting 10/8 at one or both of the
ends instead. That will foul up ARP broadcasts to locate the
destination.

I understand that in very recent releases of the VPN concentrator
software, you can configure the netmask to be returned for the
tunnel IP. I haven't used a VPN concentrator, though, so I could
be wrong; I'm going by memory of the release notes of the
corresponding new feature in the latest Cisco PIX firewall software.

--
csh is bad *.
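
The classful-mask effect described in the reply above, as an added example that is not part of the original posts: it derives the default classful network for the tunnel address from the thread and lists which peers a host would treat as directly attached (and therefore ARP for) only because of the wider mask. The /24 is the mask the reply says the poster might be expecting; 10.20.30.40 is a constructed host, not one from the thread.

```python
import ipaddress

def classful_prefix(addr):
    """Default (classful) prefix length implied by the first octet."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8    # class A, e.g. 10.0.0.0/8
    if first_octet < 192:
        return 16   # class B
    if first_octet < 224:
        return 24   # class C
    raise ValueError("class D/E addresses have no default network mask")

def network_of(addr, prefix=None):
    """Network containing addr; falls back to the classful prefix."""
    if prefix is None:
        prefix = classful_prefix(addr)
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit_tunnel_mask(tunnel_ip, intended_prefix, peers):
    """Compare the intended mask with the classful default for tunnel_ip.

    extra_on_link lists peers that fall inside the classful network but
    outside the intended one: with the classful mask the host would ARP
    for them directly instead of sending them to a gateway.
    """
    intended = network_of(tunnel_ip, intended_prefix)
    classful = network_of(tunnel_ip)
    extra = [p for p in peers
             if ipaddress.ip_address(p) in classful
             and ipaddress.ip_address(p) not in intended]
    return {"intended": str(intended),
            "classful": str(classful),
            "extra_on_link": extra}

if __name__ == "__main__":
    # Addresses from the thread, plus one constructed host elsewhere in 10/8.
    peers = ["10.10.10.49", "10.10.10.5", "10.20.30.40"]
    report = audit_tunnel_mask("10.10.10.151", 24, peers)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the client, `ipconfig` and `route print` show which mask the VPN adapter actually received, which can be compared against the `intended` value here.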

 
 
 


Post by bin.. » Thu, 16 Dec 2004 14:33:02


Hi All,

I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
installed on my notebook. What I want to do is to use the same netblock
on the private side of the concentrator and on the client side. Here is
how it looks:

VPNc Private Interface: 10.10.10.49
Server on the Private side: 10.10.10.5
My notebook (VPN client): 10.10.10.151

I authenticate, get the IP address, tunnelled netblocks are set up etc.
all fine. But I cannot access the server. When I ping from my notebook,
I see on the server:


\\icmp
tcpdump: listening on eth0
00:18:13.291526 10.10.10.151 > 10.10.10.5: icmp: echo request
00:18:13.291546 10.10.10.5 > 10.10.10.151: icmp: echo reply

That is, the server gets the ping requests from my notebook and
responds properly. But on the client, I do not get ping replies:

C:\Documents and Settings\binand>ping 10.10.10.5

Pinging 10.10.10.5 with 32 bytes of data:

Request timed out.

On both the server and the client, I can also see that the ARP table
shows the VPNc's MAC address for the other's IP address.

I am sure this is a configuration problem somewhere, but I cannot
figure out where. I am running vpn3000-4.1.7.B-k9.bin on the
concentrator and the client is VPN Client V 4.0.1 (Rel). It is running
on Windows XP SP2 (does SP2 make a difference?).
Any help will be appreciated.

TIA,

Binand