Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1812
Views
0
Helpful
4
Replies

IPsec tunnel mode and what IP pool use for it

Go to solution
julianov403
Level 1
Level 1

‎11-19-2017 03:28 PM - edited ‎03-12-2019 06:23 PM

Hello. 

 

I need to implement a VPN using IPsec ESP protocol in tunnel mode and the VPN clients must get an IP from the IPsec server. I was watching videos regarding the configuration of it and all implement a DHCP with another subnet for the VPN client. What the reason for this? 

 

For example, for lan the DHCP use a pool like this: 192.1687.0.0/24 and the VPN would use 192.168.1.0/24 

 

Thanks in advance. 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎11-20-2017 12:15 AM

One reason to use the inside network of the VPN-gateway as the VPN-pool ca be simplicity of the network-setup. Routing will automatically be correct also when the internet-firewall and the VPN-gateway are different devices.

But using an own IP-Pool will be a more clean design.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Flavio Miranda
VIP
VIP

‎11-19-2017 06:24 PM

Hi @julianov403

Must have more then one reason but mostly because who provides DHCP for VPN users is usually the firewall whilst regular LAN users has a different DHCP server.

 There's no gain to have both kind of users on the same scope.

 

-If I helped you somehow, please, rate it as useful.-

  

0 Helpful

Go to solution
julianov403
Level 1
Level 1
In response to Flavio Miranda

‎11-19-2017 06:28 PM

Thanks, Flavio. I think I got you. So, there is different DHCP server for VPN and LAN. right? Can we make the same for both?

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to julianov403

‎11-19-2017 06:53 PM

For simplicity all implementation I've saw so far uses the firewall as dhcp server.

 But is possible. For example, the fragment of config, could work:

hostname(config)# vpn-addr-assign dhcp
hostname(config)# tunnel-group firstgroup type ipsec-ra 
hostname(config)# tunnel-group firstgroup general-attributes
hostname(config-general)# dhcp-server x.x.x.x

 

-If I helped you somehow, please, rate it as useful.-

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎11-20-2017 12:15 AM

One reason to use the inside network of the VPN-gateway as the VPN-pool ca be simplicity of the network-setup. Routing will automatically be correct also when the internet-firewall and the VPN-gateway are different devices.

But using an own IP-Pool will be a more clean design.

0 Helpful
Customers Also Viewed These Support Documents