PIX, VPN, Split Tunneling, IPOOL

Discussion in 'Cisco' started by Pinko_Commie, Sep 13, 2004.

  1. Pinko_Commie

    Pinko_Commie Guest

    Heres the problem.

    I am trying to access via the Cisco VPN client to a Pix 520 running
    6.3(3)

    The inside network is 10.1.0.0 255.255.255.0 (yes, this is correct, i
    have had to subnet it down)

    The network i am trying to connect from is 10.0.0.0 255.0.0.0

    Everything works fine apart from the split tunneling. The IPpool i
    assigned (10.1.0.150 to 10.1.0.200) automatically assigns a netmask of
    255.0.0.0 and there seems to be no way to subnet it otherwise.
    Obviously this screws with my split tunneling.

    Can I either force the correct netmask onto the IPPOOL, or is there a
    way to assign a totally different IP range to the IPPOOL (192.168.0.1
    to 192.168.0.50 for instance) and have this route properly to the
    inside interface?

    I have tried specifying the IPPOOL to be 192.168.0.1 to 192.168.0.50,
    the VPN cient connect fine, is assigned an IP from the pool, but you
    cannot access anything on the inside interface.
    Pinko_Commie, Sep 13, 2004
    #1
    1. Advertising

  2. Hi,

    There is an update for the pix that allows you to specifiy the mask to
    assign to vpn clients. The feature is in 6.3(4).
    http://www.cisco.com/en/US/customer...od_release_note09186a0080267ccd.html#wp137259

    Erik

    "Pinko_Commie" <> wrote in message
    news:...
    > Heres the problem.
    >
    > I am trying to access via the Cisco VPN client to a Pix 520 running
    > 6.3(3)
    >
    > The inside network is 10.1.0.0 255.255.255.0 (yes, this is correct, i
    > have had to subnet it down)
    >
    > The network i am trying to connect from is 10.0.0.0 255.0.0.0
    >
    > Everything works fine apart from the split tunneling. The IPpool i
    > assigned (10.1.0.150 to 10.1.0.200) automatically assigns a netmask of
    > 255.0.0.0 and there seems to be no way to subnet it otherwise.
    > Obviously this screws with my split tunneling.
    >
    > Can I either force the correct netmask onto the IPPOOL, or is there a
    > way to assign a totally different IP range to the IPPOOL (192.168.0.1
    > to 192.168.0.50 for instance) and have this route properly to the
    > inside interface?
    >
    > I have tried specifying the IPPOOL to be 192.168.0.1 to 192.168.0.50,
    > the VPN cient connect fine, is assigned an IP from the pool, but you
    > cannot access anything on the inside interface.
    Erik Tamminga, Sep 13, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. misiob
    Replies:
    5
    Views:
    3,068
    Pete Mainwaring
    Jun 23, 2004
  2. The Entitty

    Cisco VPN - Split tunneling

    The Entitty, Jun 29, 2004, in forum: Cisco
    Replies:
    2
    Views:
    5,355
    Memnoch
    Jun 29, 2004
  3. John Sasso

    Split Tunneling and Cisco VPN client

    John Sasso, Aug 26, 2004, in forum: Cisco
    Replies:
    1
    Views:
    6,790
    Scooby
    Aug 26, 2004
  4. Bob Smith
    Replies:
    3
    Views:
    5,797
    Bob Smith
    Nov 10, 2004
  5. jsandlin0803
    Replies:
    1
    Views:
    1,334
    response3
    Jan 1, 2006
Loading...

Share This Page