Re: [OSL | CCIE_Security] VPN remote - how to change VPN client's subnet mask

Mon, 27 Jun 2011 07:23:17 -0700 

Hi Poitr,
Labbed it up again..... same issue.
subnet mask 255.255.255.0 never get pushed to the client.

Has anyone managed to get this before? does it work at all, I really never
tried to pin point this one!



Windows 2000 IP Configuration

Ethernet adapter Local Area Connection 5:

    Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . : 77.77.77.1 <-- address from EasyVPN
server pool
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :                      <---------BLANK
, never get anything here but everything works

Ethernet adapter eth0:

    Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . : 55.55.4.111 <--- local address
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 55.55.4.1
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 0c 29 a5 aa 2c ...... VMware Accelerated AMD PCNet Adapter
0x1000004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        55.55.4.1     55.55.4.111      1
        55.55.4.0    255.255.255.0      55.55.4.111     55.55.4.111      10
      55.55.4.111  255.255.255.255        127.0.0.1       127.0.0.1      10
        55.55.6.2  255.255.255.255        55.55.4.1     55.55.4.111      1
       55.55.18.0    255.255.255.0      77.77.77.2     77.77.77.1      1
       55.55.19.0    255.255.255.0      77.77.77.2     77.77.77.1      1
   49.255.255.255  255.255.255.255      55.55.4.111     55.55.4.111      10
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      77.77.77.0    255.255.255.0      77.77.77.1     77.77.77.1      1
      77.77.77.1  255.255.255.255        127.0.0.1       127.0.0.1      1
    77.77.77.255  255.255.255.255      77.77.77.1     77.77.77.1      1
        224.0.0.0        224.0.0.0      55.55.4.111     55.55.4.111      10
        224.0.0.0        224.0.0.0      77.77.77.1     77.77.77.1      1
  255.255.255.255  255.255.255.255      55.55.4.111     55.55.4.111      1
Default Gateway:         55.55.4.1
===========================================================================
Persistent Routes:
  None



On Sun, Jun 26, 2011 at 9:57 PM, Serious CCIE <[email protected]> wrote:

> don't have handy yet but it looks normal. as u've noticed in the
> configuration example , there is also a split tunneling so in route print i
> see split-tunnel too.
>
>
>
> On Sun, Jun 26, 2011 at 9:49 PM, Piotr Matusiak <[email protected]> wrote:
>
>> can you paste "route print " command output on windows host after vpn
>> client connection?
>>
>>
>>
>> 2011/6/26 Serious CCIE <[email protected]>
>>
>>> Hi Piotr, thanks.
>>>
>>> The configuration is the same as COPY & paste of below link:
>>>
>>>
>>> http://www.cisco.com/en/US/docs/routers/access/1800/1841/software/configuration/guide/ezvpn_ps5855_TSD_Products_Configuration_Guide_Chapter.html#wp1050158
>>>
>>>
>>> the only changes that I made to this  - added subnet mask command to
>>> below config
>>>
>>> crypto isakmp client configuration group VPN1
>>>
>>>   acl SPLIT_T
>>>
>>>   ip access-list extended SPLIT_T
>>>
>>>   permit ip 192.168.0.0 0.0.255.255 any
>>>
>>>   key cisco123
>>>
>>>   dns 192.168.168.183 192.168.226.120
>>>
>>>   wins 192.168.179.89 192.168.2.87
>>>
>>>   domain cisco.com
>>>
>>>   pool VPN-POOL
>>>
>>>   save-password
>>>
>>>
>>>
>>> On Sun, Jun 26, 2011 at 1:26 AM, Piotr Matusiak <[email protected]> wrote:
>>>
>>>> can you paste your config and related commands output?
>>>>
>>>> in general to make it work on IOS you must use "netmask" command and to
>>>> make it work on ASA you must add netmask to "ip local pool" command.
>>>>
>>>> Regards,
>>>> Piotr
>>>>
>>>>
>>>> 2011/6/25 Serious CCIE <[email protected]>
>>>>
>>>>> Hi Everyone - thanks for the replies...
>>>>> I was trying to do it on ASA.
>>>>>
>>>>> @ Piotr - I've tried that but I was still getting /32 - any idea?
>>>>>
>>>>>
>>>>> "I have tried putting subnet mask in client config on Server but still
>>>>> I get /32 bit subnet mask."
>>>>>
>>>>>
>>>>> On Fri, Jun 24, 2011 at 2:35 AM, Piotr Matusiak <[email protected]>wrote:
>>>>>
>>>>>> if this is IOS then under group configuration there is "netmask"
>>>>>> command.
>>>>>>
>>>>>> Regards,
>>>>>> Piotr
>>>>>>
>>>>>>
>>>>>> 2011/6/23 Serious CCIE <[email protected]>
>>>>>>
>>>>>>> VPN-SERVER-------------Internet---------VPN-CLIENT
>>>>>>>
>>>>>>> Is it possible when client get's an IP address  from the POOL1 have a
>>>>>>> subnet mask of 255.255.255.0 for example?
>>>>>>>
>>>>>>> In most cases when client dials into the server it gets an IP address
>>>>>>> and the default subnet mask of /32 (192.159.1.39/255.255.255.255)
>>>>>>>
>>>>>>> I have tried putting subnet mask in client config on Server but still
>>>>>>> I get /32 bit subnet mask.
>>>>>>>
>>>>>>> thanks
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> For more information regarding industry leading CCIE Lab training,
>>>>>>> please visit www.ipexpert.com
>>>>>>>
>>>>>>> Are you a CCNP or CCIE and looking for a job? Check out
>>>>>>> www.PlatinumPlacement.com
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to