04-01-2010 09:33 AM
Hi VPN Group,
I've at least one user who works from home a fair amount, has a new PC with Windows XP, latest service packs and is using the Cisco VPN 5.x client to connect to our VPN 3000 concentrator. The user's home network is using the 192 IP scheme and our VPN connection network is using a 10.X scheme. When the user connects her registered IP is her 192 from her home network. That's causing issues with her ability to use applications while connected via VPN...we have to manually change her IP number in DNS. None of the ipconig /register suggestions by MS works, rebooting her PC, etc., doesn't remedy the problem.
Any suggestions would be appreciated.
~Steve
04-01-2010 10:23 AM
Hi,
The remote user has an IP 192.x.x.x
The 3000 should assign from a pool an IP from the 10.x.x.x network when it connects via VPN.
In this way, when connected via VPN, the remote client will work with an address belonging to 10.x.x.x
In this scenario, she should still be able to work through the tunnel, to the internet and locally.
The question is:
Do you have split tunneling configured? Is she sending all IP traffic through the tunnel (or only the traffic intended to the VPN headend)?
You can choose which IP to assing to the client and which traffic to send through the tunnel to avoid any conflict between IPs.
Federico.
04-01-2010 10:40 AM
Federico,
Yes, the VPN should assign her a 10.X address, but for whateve reason its not. No other user has this issue. Other users login and get assigned the proper 10 dot address while connected to our VPN. We do not have split tunneling applied as a matter of policy.
~Steve
04-01-2010 10:55 AM
Is she connecting to a separate independent VPN group from all the other clients?
If this is the case, perhaps there's a policy for that group to not assign an IP address?
Federico.
04-01-2010 10:58 AM
No, our corporate people all connect to one VPN and using one corporate VPN policy.
04-01-2010 11:03 AM
Check if there's any difference on the user profile configuration for her from the other clients.
The per-user policies override the global policies for VPN.
Federico.
04-01-2010 11:03 AM
No, our corporate people all connect to one VPN and using one corporate VPN policy.
04-01-2010 11:12 AM
Is this something particular to her machine?
If she attempt to connect from the same location with a different computer, the same thing happen?
Or if she attempts to connect with the same machine from a different location?
Federico.
04-01-2010 01:55 PM
Did you look at the logs on the concentrator and the client? Was this client working successfully before the new PC? Is the address being assigned by the VPN concentrator, a DHCP server or an authentication server?
Here's an example of setting up address assignment on the concentrator, along with some troubleshooting tips.
HTH
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide