Pix 506e, VPN, and overlapping pools... a love story

Discussion in 'Cisco' started by Nate Smith, Oct 21, 2003.

  1. Nate Smith

    Nate Smith Guest

    Hi gurus:

    I'm a software developer and not much of a hardware guy, so please bear with
    me. I'm trying to set up my Cisco 506e VPN and am not understanding
    something. I am using the PDM and running the VPN wizard. Everything is
    fine until the step where I tell the VPN which block of IPs to use for
    remote connections. I set up my DHCP to give out - I have some static internal IPs set up for a domain server
    and some printers. They are down in the range. My
    intention was to give incoming VPN clients but it
    tells me that the pool I am trying to define overlaps a global pool. I have
    the following in my config:

    global (outside) 2 interface
    global (inside) 1 netmask

    I guess I'm not understanding what global is for. I would like the internal
    IP layout to look like this: = PIX = Internal Statics = VPN Clients = Internal DHCP Clients

    I was able to give the pool of - and get the thing
    working. Was able to connect, authenticate, etc. I had a IP on
    the client and was able to communicate with it. But I want the VPN clients
    to be on the same subnet as the internal clients.

    Any clarification on this would be GREATLY appreciated! I'm so lost.

    Best regards,

    Nate Smith, Oct 21, 2003
  2. Nate Smith

    Brian V Guest

    They can't be. The VPN users must be on a separate subnet than the internal
    users. The PIX won't allow it.
    Brian V, Oct 21, 2003
  3. Nate Smith

    Hugo Drax Guest

    No they don't, you just need to make sure you do not add the IP range used
    for PAT or NAT in the VPN pool. As long as you add a section of the internal
    net unused by internal hosts, NAT or PAT it would work. That is how I set my
    PIX up. I have an internal net and use 32 addresses in the last
    section of that range for the VPN pool.
    Hugo Drax, Oct 21, 2003
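
The rule in the last reply (keep the VPN pool clear of the NAT/PAT global ranges and of addresses already used by internal hosts) can be checked offline before changing the PIX. The following is an added example, not part of the thread: a Python sketch that reads PIX 6.x-style `global` and `ip local pool` lines and reports every overlap. All addresses, the pool name `vpnpool` and the `reserved` argument (DHCP scope, statics) are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample config; the addresses are placeholders, not values from the thread.
SAMPLE_CONFIG = """\
ip address inside 192.168.1.1 255.255.255.0
global (outside) 2 interface
global (inside) 1 192.168.1.200-192.168.1.210 netmask 255.255.255.0
ip local pool vpnpool 192.168.1.205-192.168.1.236
"""

# One address, optionally followed by "-<last address>".
RANGE = r"(\d+\.\d+\.\d+\.\d+)(?:-(\d+\.\d+\.\d+\.\d+))?"


def _span(first, last=None):
    """Convert a first/last address pair to an inclusive integer interval."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last or first))
    if hi < lo:
        raise ValueError(f"range runs backwards: {first}-{last}")
    return lo, hi


def parse_ranges(config):
    """Return (global_ranges, vpn_pools), each a list of (label, lo, hi)."""
    globals_, pools = [], []
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"global \((\w+)\) (\d+) " + RANGE, line)
        if m:  # "global (...) N interface" carries no range and is skipped
            globals_.append((f"global ({m[1]}) {m[2]}", *_span(m[3], m[4])))
            continue
        m = re.match(r"ip local pool (\S+) " + RANGE, line)
        if m:
            pools.append((f"pool {m[1]}", *_span(m[2], m[3])))
    return globals_, pools


def find_overlaps(config, reserved=()):
    """List (pool, other, first_shared, last_shared) for every clash.

    reserved: (label, first, last) tuples for DHCP scopes and static hosts.
    """
    globals_, pools = parse_ranges(config)
    others = globals_ + [(name, *_span(a, b)) for name, a, b in reserved]
    clashes = []
    for pname, plo, phi in pools:
        for oname, olo, ohi in others:
            lo, hi = max(plo, olo), min(phi, ohi)
            if lo <= hi:  # the two inclusive intervals intersect
                shared = [str(ipaddress.IPv4Address(x)) for x in (lo, hi)]
                clashes.append((pname, oname, *shared))
    return clashes
```

An empty list from `find_overlaps` means the proposed pool is free of every global range and reserved range it was given.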
