Ip local pool - Vpn Client

dawsonpa
Level 1

Hello,

I have a pix which someone else configured.

The person configured the ip local pool to use a range of addresses which resides on the same subnet as the inside of the firewall.

Let's say the inside subnet is 192.168.5.1-254 /24 and the person has used 192.168.5.20-30 as the local pool.

When the user connects and he is assigned an address from this pool and he wants to go to a machine which resides on the DMZ (10.0.0.5) how will this work?

When the machine in the DMZ (10.0.0.5) responds to this query, will the firewall not send it out of its internal interface, which is the same subnet as the local pool, or will it know that traffic to this specific address (in the pool) should be popped into the tunnel?

Please help explain this to me.

Thanks

Paul

1 Reply

drolemc
Level 6

Yes, that does look like a case of poor design. The PIX will have issues with routing. In fact, the routes configured on your PIX should make interesting reading. Normally, a default route points out and a number of static routes corresponding to the networks on the inside network point in. However, if there is natting configured between your outside interface and DMZ such that the incoming addresses are natted, there should be no problem in differentiating the destinations at the DMZ. Look for a (DMZ,outside) NAT statement in your configuration.
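One way to audit a configuration for exactly the overlap this thread describes, as an added example that is not part of the original thread and not Cisco tooling: it parses PIX 6.x-style `ip address` and `ip local pool` lines (the sample lines below are constructed to mirror the question's addressing) with Python's standard `ipaddress` module and reports any VPN pool whose addresses fall inside a directly connected interface subnet.

```python
import ipaddress
import re

# Constructed sample PIX 6.x-style configuration lines (not from the original
# post); the inside subnet and pool match the layout the question describes.
SAMPLE_CONFIG = """
ip address outside 203.0.113.2 255.255.255.0
ip address inside 192.168.5.1 255.255.255.0
ip address dmz 10.0.0.1 255.255.255.0
ip local pool vpnpool 192.168.5.20-192.168.5.30
"""

# Assumed syntax: "ip address <if> <addr> <mask>" and
# "ip local pool <name> <first>-<last>" with full dotted addresses.
IFACE_RE = re.compile(r"^ip address (\S+) (\S+) (\S+)$")
POOL_RE = re.compile(r"^ip local pool (\S+) (\S+)-(\S+)$")


def parse_config(text):
    """Return ({iface: network}, {pool: (first, last)}) from PIX-style lines."""
    ifaces, pools = {}, {}
    for line in text.splitlines():
        line = line.strip()
        m = IFACE_RE.match(line)
        if m:
            name, addr, mask = m.groups()
            # strict=False: the interface address is a host, not a network id
            ifaces[name] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            continue
        m = POOL_RE.match(line)
        if m:
            name, first, last = m.groups()
            pools[name] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
    return ifaces, pools


def find_overlaps(ifaces, pools):
    """List (pool, iface) pairs where any pool address lies inside an interface subnet."""
    hits = []
    for pname, (first, last) in pools.items():
        for iname, net in ifaces.items():
            # summarize_address_range yields the CIDR blocks covering first..last
            if any(b.overlaps(net) for b in ipaddress.summarize_address_range(first, last)):
                hits.append((pname, iname))
    return hits


if __name__ == "__main__":
    ifaces, pools = parse_config(SAMPLE_CONFIG)
    for pname, iname in find_overlaps(ifaces, pools):
        print(f"pool {pname} overlaps interface {iname} ({ifaces[iname]})")
```

A clean design yields an empty list; a pool carved out of the inside subnet, as here, is reported against `inside`.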