12-18-2011 02:50 AM - edited 02-21-2020 05:46 PM
Hi,
I have a question regarding IPSec VPN gateway. When my client uses a Cisco VPN client, I always get the first IP of my address pool as the default gateway. For example, if I assign the client IP in range 192.168.0.0/24, all the clients will get the default gateway of 192.168.0.1. Can we change this behavior to a particular IP?
12-18-2011 05:48 AM
Why would you want to change the default gateway to another IP? Let me ask you this - if you connect to the VPN and receive a /32 IP of 192.168.1.1. This IP is assigned to a virtual adapter on the client machine. If you change the DG to another IP - where does that IP exist? How does the VPN client know which interface/virtual adapter to encrypt and send the VPN traffic through to get to the remote end?
This is normal for the VPN client.
12-18-2011 05:54 AM
Yes, I understand. The problem is my ASA/VPN terminator is not using that IP address and it's already assigned to another device. The reason I want to change the IP is because I want to change it to use ASA IP address.
12-18-2011 07:38 AM
I agree with Andrew's explanation. You can't change the VPN client gw to ASA IP not just because you want to change it as you said above.
Logically, what you are saying is not even making sense. The traffic is initiated from your VPN adapter which is a non-routable address on the internet. Moreover, to go encrypted, it has to be encapsulated to your client's public ip address which will then reach the local ISP gw, then to ISP and then taking other hops it would reach your ASA. By asking for your ASA's IP address as the gw for vpn client, you are somewhat asking to have some IP address on the internet to be your local VPN machine's IP address. Hence, this makes no sense.
BTW, by your statement, "already assigned to another device", are you saying that the 192.168.0.1 is already assigned to some other VPN device? If that's so, then it does not matter, because the gw address that you see on the VPN client machine is specific to that machine only.
Hope the other side of the explanation makes sense to you and clarifies your doubt.
12-27-2011 06:29 PM
Hi Mopaul,
You are correct. Somehow I focused on the dummy gateway that Cisco VPN client puts. But I remember that the traffic to be put on the VPN interface is defined on the access-list on the tunnel property. Thanks for the discussion guys.
12-29-2011 12:37 PM
Hi Prima,
Glad I could answer your query and provide some clarification on the thoughts here.
Kindly rate all useful posts/comments and mark them as answered while ending the discussions. This helps other users on forum with similar queries.
Cheers...!!!
Regards,
mopaul