04-16-2004 12:42 AM - edited 03-10-2019 07:45 AM
Is there a way to assign a netmask to a VPN client that connects itself to the network via a VPN concentrator?
The assignment of the IP address is not a problem but we always get a 8-Bit address. That's not what we want. I don't see a menu in ACS where the netmask can be determined. Radius attribute [9] does not work. We use radius and we have defined the IP adresses in an address pool on the ACS server.
Thanks. Thomas.
04-26-2004 08:52 AM
Thomas,
There is nothing available that I am aware of to assign a netwmask value. I believe this is actaully a limitation of the concentrator rather than the ACS server. Even if assigning addresses from a pool on the concentrator itself, you do not have the option of assigning the mask (I believe it actually defaults to a 32 bit mask in this case). Most times, the subnet mask is not very important as the concentrator will proxy arp for any devices that are connected to it. Can you elaborate a bit more on why this would be a problem? Are you trying to use an address space within your current network?
Scott
05-04-2004 11:11 AM
Scott,
I am having a similar problem. We are trying to assign IP addresses from a pool on the concentrator and have a class B range. Within our current network we have VLSM. The client defaults to a 255.255.0.0 subnet mask. I am not sure if this i a problem becasue I am having some problems in connecting the client properly.
Thanks.
05-05-2004 12:16 AM
... in fact we don't have problems with reachability. But the fact that the concentrator assigns netmasks and we don't know why and from which resource, makes me nervous.
Thomas
05-05-2004 06:07 AM
The reason you are assigned a netmask from the concentrator is that it treats it the same as PPP. The default for this is to issue the default mask for the subnet class. For example 10.0.0.1 will always have the mask 255.0.0.0 and 192.168.0.1 will have the mask 255.255.255.0
Hope this helps.
05-05-2004 01:10 PM
We have the same problem. In our case, we are trying to assign a 10.203 address to the VPN clients. However, ACS is giving out a /8 subnet mask. This is a problem because it will think the entire 10.0.0.0 address space is local - not to mention other routing problem we will have with other subnets int eh 10.203 range. I don't understand why you can't just assing a specific mask for these IP Pools. Is there a command line option?
05-06-2004 01:11 AM
There is not a dynamic way to assign a specific mask. The only way would be to assign static addressess to clients. If you are worried about the routing of a particular subnet then you could use a subnet which as a default has the mask you require. The RAS/VPN device can then route/proxy the connection to any network the client needs to connects too.
07-09-2004 05:58 AM
We have the same trouble, ACS gives me a 8bit netmask when I want a 24bit one.
We saw something strange with VPN3000 and Radius : when we configure VPN3000 to give to the client a class C IP, in the VPN client's log, there is the attribute INTERNAL_IPV4_NETMASK with value 255.255.255.0 that is transmit to the client. If we use a class A (or B) IP, this attribute is not sent...
Does someone have an idea about that? And why not a solution to our netmask trouble?
Thank you
07-15-2004 01:35 AM
We solved this problem.. You have to upgrade ACS to version 3.3, this allows ACS to send Framed-IP-Netmask attribute to VPN 3000. So you can configure your netmask as you want.
07-15-2004 03:59 AM
Sorry for the mystake, it is the VPN3000 software that you have to upgrade to version 4.1.5
ACS doesn't need to be upgrade (for this trouble)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide