Same network on client side and LAN side of VPN concentrator

Discussion in 'Cisco' started by binand@gmail.com, Dec 15, 2004.

  1. Guest

    Hi All,

    I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
    installed on my notebook. What I want to do is to use the same netblock
    on the private side of the concentrator and on the client side. Here is
    how it looks:

    VPNc Private Interface: 10.10.10.49
    Server on the Private side: 10.10.10.5
    My notebook (VPN client): 10.10.10.151

    I authenticate, get the IP address, tunnelled netblocks are set up etc.
    all fine. But I cannot access the server. When I ping from my notebook,
    I see on the server:

    [root@legolas root]# tcpdump -nn src or dst 10.10.10.151 and proto \\icmp
    tcpdump: listening on eth0
    00:18:13.291526 10.10.10.151 > 10.10.10.5: icmp: echo request
    00:18:13.291546 10.10.10.5 > 10.10.10.151: icmp: echo reply

    That is, the server gets the ping requests from my notebook and
    responds properly. But on the client, I do not get ping replies:

    C:\Documents and Settings\binand>ping 10.10.10.5

    Pinging 10.10.10.5 with 32 bytes of data:

    Request timed out.

    On both the server and the client, I can also see that the ARP table
    shows the VPNc's MAC address for the other's IP address.

    I am sure this is a configuration problem somewhere, but I cannot
    figure out where. I am running vpn3000-4.1.7.B-k9.bin on the
    concentrator and the client is VPN Client V 4.0.1 (Rel). It is running
    on Windows XP SP2 (does SP2 make a difference?).
    Any help will be appreciated.

    TIA,

    Binand
     
    , Dec 15, 2004
    #1

  2. In article <>,
    <> wrote:
    :I have a Cisco VPN concentrator 3000, and have got the Cisco VPN client
    :installed on my notebook. What I want to do is to use the same netblock
    :on the private side of the concentrator and on the client side. Here is
    :how it looks:

    :VPNc Private Interface: 10.10.10.49
    :Server on the Private side: 10.10.10.5
    :My notebook (VPN client): 10.10.10.151

    If you are using the 10 address range, you could be hitting the
    difficulty that by default the IP address constructed for the
    link is "classful". You might be expecting 10.10.10/24 as your
    network, but you might be getting 10/8 at one or both of the
    ends instead. That will foul up ARP broadcasts to locate the
    destination.

    I understand that in very recent releases of the VPN concentrator
    software, you can configure the netmask to be returned for the
    tunnel IP. I haven't used a VPN concentrator, though, so I could
    be wrong; I'm going by memory of the release notes of the
    corresponding new feature in the latest Cisco PIX firewall software.

    --
    csh is bad drugs.
     
    Walter Roberson, Dec 15, 2004
    #2
