Default Gateway address for multiple VPN users/clients

Hello,
We need some help with a VPN setup for a school project.
What we want to do:
We would like to have aprox. 10 different VPN uses that can connect to our Windows Server 2012 R2 which is setup as a VPN server, by the Role called Remote access. And the VPN server is working and we are able to connect to it from another location/computer.
Our current setup:
We have a Cisco router, that are configured with 10 Vlans, from Vlan 10 to Vlan 20, and a managament Vlan called Vlan 100.
The Cisco router is also acting as DHCP server, so inside each Vlan the DHCP gives IP addresses to that specific Vlan, Ex: Vlan 10 has a 192.168.10.0/24 network. Vlan 11 has a 192.168.11.0/24 network, and so on. Vlan 100 has 192.168.100.0/24 This Vlan 100
has connection to all the Vlans.
We have internet connection on the Router on port 0 and each Vlan are connected to the internet.
We have setup the VPN server with a static IP configuration so it is inside Vlan 100 with a Default gateway, like 192.168.100.1 So the VPN server is connected to the internet.
In AD we have created a User and assigned a static IP address in the user properties, under the Dial-In tab. Here we give this user this IP 192.168.10.225
Now when we connect to the VPN server useing this user, we have no connection to any of the Vlans (ping) and no internet. When we in cmd write ipconfig we can see that our VPN connection has this IP 192.168.10.225 but a Subnet called 255.255.255.255 and
a Default gateway called 0.0.0.0
We would like the user to recieve the correct IP settings like: If we connect with our user, it should recieve the IP as it does, but also a subnet called 255.255.255.0 and a default gateway called 192.168.10.1
How is this achieved?
The reason we want this is: We want to create a VPN user for each Vlan. So a user with permission to access Vlan 10 but are not able to see the other Vlans, and then a new user to access Vlan 11 but not able to see the other vlans, and so on.
Hope someone is able to help us to understand how this is done.
Thank you in advance.

Hi,
In brief, we can't achieve this. Normally, we would not do this.
Usually, we use firewall or ACL to restrict the remote users.
For example, 192.168.10.100 is assigned to user1 and 192.168.10.101 is assigned to user2. We can use firewall to restrict 192.168.10.100 to access 192.168.10.0/24 and 192.168.10.101 to access 192.168.11.0/24.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Similar Messages

  • User's default email address for use with Answers

    How to use user's default email address for use with Answers?
    When I was referring to the Admin Guide I found the below description for email session variable.
    Can somebody please help me with this.
    Contains the user's default email address for use with Answers. If the delivery option of Answers is enabled, an email device using this address will be created for the user upon first log in. Users can override this address by changing their account settings in Oracle BI Presentation Services.
    Thanks,
    Swetha

    I think the documentation is wrongly saying that it will be used by Answers. The email will be used by Delivers, the BI Scheduler component.

  • Authentication for easy vpn users using windows ad and xauth on pix firewa

    Hii
    We need to authenticate the VPN client users from windows as pix as the network device where all vpn configuration done
    Need the accounting for those vpn users.
    Thanks
    Manish GaurPlease guide me

    Manish,
    Which version of the pix os are you running 6.x.x or 7.x.x. If your using 6 your have to use radius. Follow this guide for radius:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00800b6099.shtml
    For the actual pix configuration its easiest to run through the vpn wizard in PDM (PIX Device Manager)
    The radius guide should work for 7.0 if you run the ADSM Wizard for the vpn portion.
    Patrick
    Please rate any posts that are helpful.

  • Get Default Gateway Address from BB app

    Hi,
    I need to get the WIFI default gateway address from an application. I searched in all the forum without a positive result. Some people talks about using WLanInfo but it does not provide the default gateway address.
    Can anyone help me?
    Thanks!

    same question as before... are you developing an application?
    http://supportforums.blackberry.com/t5/Downloaded-applications-for/Get-Default-Gateway-Address-from-...
    1. If any post helps you please click the below the post(s) that helped you.
    2. Please resolve your thread by marking the post "Solution?" which solved it for you!
    3. Install free BlackBerry Protect today for backups of contacts and data.
    4. Guide to Unlocking your BlackBerry & Unlock Codes
    Join our BBM Channels (Beta)
    BlackBerry Support Forums Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • Get default gateway address

    Dear all
     i saw a function in TCP library that can get the host address.  but do somebody now how to get the default gateway address ?
    e.g
    IP  192.168.0.4            ( this ip can obtain by get host address function )
    subnet 255.255.255.0
    deault gateway 192.168.0.1
    B.R
    Gerry
    Solved!
    Go to Solution.

    Hey Gerry -
    To get the default gateway, you'll want to use the Win32 IP Helper API.  Unfortunately, this portion of the Win32 API is only available to users of the Full LabWindows/CVI package. 
    To retrive IPV4 information about your network adapters, you can use the function GetAdaptersInfo.  If you need IPV6 information, you'll need to use GetAdaptersAddresses.  I wrote a quick example of using GetAdaptersInfo and attached it, you can see the output below:
    Let me know if you have any questions -
    NickB
    National Instruments
    Attachments:
    DisplayIPInfo.c ‏3 KB

  • Can I use the same email address for multiple seats in Creative Cloud for Teams?

    Can I use the same email address for multiple seats in Creative Cloud for Teams?

    No. http://www.adobe.com/products/creativecloud/faq.html
    Can I buy more than one membership to an individual offering of Creative Cloud? 
    No, Adobe has moved to identity-based licensing with a technology that will not support multiple same-product licenses, so you can buy only one membership per Adobe ID. If you need two Creative Cloud memberships, you will need to purchase each with a unique Adobe ID. You can also purchase a Creative Cloud for teams membership, which allows you to purchase and manage multiple seats under one account.

  • How can you use the same e-mail address for multiple ipads?

    I have two iPads.. an iPad and an ipad 2.  I registared my new ipad 2 and now my old ipad is will not let me log on and is telling me that my e-mail address is already in use.  how can you use the same e-mail address for multiple ipads?

    And by using the same Apple ID you can also share purchases.  If you have a different Apple ID for each iPhone then you can't share purchases.

  • How can I set the default home page for all new users in Firefox 4

    I'm trying to deploy FF 4.0rc1 in a corporate environment but I can't find a way to set the default home page or any other settings for that matter.
    Is there a way to set the default home page for all new users and lock it so that the users can't change home page?
    Best regards
    Jonas

    In Firefox 4 the template folder for new profiles (C:\Program Files\Mozilla Firefox\defaults\profile\
    ) doesn't exist. You can create that \defaults\profile\ folder and place a file user.js in it with the prefs that you want to initialize.
    See:
    *http://www-archive.mozilla.org/catalog/end-user/customizing/briefprefs.html
    You can also use a mozilla.cfg file to set the default value for prefs.<br />
    See: http://kb.mozillazine.org/Locking_preferences
    defaultPref(); // set new default value
    pref(); // set pref, but allow changes
    lockPref(); // lock pref, disallow changes

  • What is this ?   com.apple.audio.DriverHelper[162]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextMain.

    What is this ?   com.apple.audio.DriverHelper[162]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextMain.

    What is this ?   com.apple.audio.DriverHelper[162]: The plug-in named AirPlay.driver requires extending the sandbox for the IOKit user-client class IGAccelVideoContextMain.

  • Ip address for multiple printers

    Can somebody please help me to get the ip addresses for multiple printers. I have got the printer names from print management - export list. I have it in a csv file but need their ip addresses too..

    <#
    Script to get printer names based on a CSV list of printer IPs.
    Sam Boutros - 12/30/2014 - v1.0
    #>
    # Input:
    $CSV = 'x:\sandbox\MyPrinters.csv'
    # Processing:
    $Printers = Import-Csv $CSV
    $UpdatedPrinters = $Printers | where { $_.Name -eq $null } | Select IP , @{
    Name = 'Name'
    Expression = { $IP = $_.IP; (Get-Printer | where { $_.PortName -eq "IP_$IP" }).Name }
    # Output:
    $UpdatedPrinters | FT -Auto
    $UpdatedPrinters | Out-GridView
    $UpdatedPrinters | Export-Csv $CSV -NoType
    Start with a CSV file that looks like:
    IP
    192.168.0.10
    192.168.0.111
    192.168.0.12
    192.168.0.13
    End up with updated CSV file like:
    Note that you're picking up the Printer name from the Windows computer where you run this script. If the computer does not have all the printers in the CSV list, you need to run the script on several computers to get the full list populated. The script is
    designed to allow that. If the printer has different names on different computer, the script will retain the first match.
    You could actually add it to a logon script in a domain environment (without the out-gridview part of course), to collect all printer names - CSV path can be UNC path. Keep it for a day or so and then remove it.
    Or you could run it against several computers - one at a time - using PS remoting..
    Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________
    Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

  • What is the default ip address for the Time Capsule and Airport Extreme?

    What is the default ip address for the Time Capsule and Airport Extreme?

    Open Airport Utility to find out the real IP address of the network connection. DHCP addresses are assigned by the router in the range chosen in Airport Utility.

  • AAA static IP address for RA VPN Client

    Hi,
    my vpn group and VPN POOL  is locally created in Cisco VPN router but users are authenticated through ACS, AAA server via TACACS. Now I want to assign the static ip address to VPN Client. Everything is fine but due to the application problem I want to give them the static Ip address from the VPN Pool. I have greated one pool in AAA server and also configure the client in AAA to get the static ip address but unable to do this. Please help me out how to do this.
    My router is configured for TACACS+. I have checked the user configuration in AAA server to get the static ip address but it is not working. Please help me out how to do this. I cant change Router to Radius but this is my main router which is configured for 160 sites through ISDN and these sites also configured for TACACS+.
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2 
    crypto isakmp client configuration group Aviation-VPN
    key egntosc
    pool aviation-pool
    acl avi-tunnel
    save-password
    netmask 255.255.255.0
    crypto isakmp profile vpnclient
       match identity group Aviation-VPN
       client authentication list default
       isakmp authorization list Aviation-authorization
       client configuration address respond
    crypto ipsec transform-set aviset esp-3des esp-sha-hmac
    crypto dynamic-map avi 10
    set transform-set aviset
    set isakmp-profile vpnclient
    reverse-route

    Since you're using ACS, I believe the way to do this is to
    go into ACS, and select the username of the user that you want
    to get the static IP. Under that user's setup, there is an option to
    always assign the same IP. Just select that and enter the IP you
    want them to get. - chris

  • Can I set a default Playback preference for multiple users on same PC?

    I am setting up an editing suite for our University which has a "per machine" Creative Cloud licence. It is a PC installation. This machine will be used by a class of students who will log in with their own credentials. I need to set the preferences for Premiere (video output, workspace layout, default drives etc) so that it will be the same for all users logging in since we want a consistent setup for teaching purposes and dont want to have to help each student set up so that it shows correctly on the monitors. Is there a way of saving this setting as the default for every user?  In particular, as we have dual monitors, we want to save the preferences - Playback to always appear on the second monitor. This is really important for us - I need an answer before building more suites.
    (Adobe won't let me ask them directly, so I have to wait for someone to provide an anwser on the forums... not great customer support in my book)

    Firstly...is  this editing suite for the purpose of teaching editing or something else?
    Next ...what is your experience with PPRo?
    You can set up the machine(s) initially exactly how you want them  in regards to hardware and screen layouts etc.  Thats easy and can be called..'University of Waikato Default Edit Workspace' for example. That is  only part of it though.
    You can set up and share a common Key Board Short cut Preference File.  Same as Export Presets.
    There is no way you can "Default" all the USERS stuff for individual unique projects  though without creating a massive potential for disaster and confusion.
    Each will need to have access to many separate drive locations for their media (audio, graphics, footage) and the knowledge to create, access and locate it.
    THey will each need a separate Location for their Projects as well as their media.
    If they are editing students...they should be taught how to set up everything for themselves so they have an understanding of the fundamentals and basic s of NLEs

  • Default outgoing email address for multiple emails

    How do I set up one of my many email addresses on my I-phone to be the default outgoing email for all of them?

    If you have set up one of your email accounts to be the default, all emails sent from outside of the email app will be sent from that email address.  The default email account will be used if a new email is created in the All Inbox.  If you reply to an email or initiate an email from within a given email account, I guess it assumed that you want it to go out as that email address.

  • Default Gateway when connected to VPN

    Thanks for reading!
    This is probably a dump question so bear with me...
    I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customers environment behind it (on the same subnet), When connected ot the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
    My beet is that the Router is messing with my connection, but,, nevermind that!, the setup ain't complete anyway... my question is more related to the Gateway I'm missing when I'm, from the outside, is connected to the VPN on the ASA, could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in windows?
    This is who it looks like now:
            Anslutningsspecifika DNS-suffix . : VPNOFFICE
            IP-adress . . . . . . . . . . . . : 10.10.10.1
            Nätmask . . . . . . . . . . . . . : 255.255.255.0
            Standard-gateway  . . . . . . . . :
    The internal network is :
    172.16.12.0 255.255.255.0
    Below is my config for the ASA, thanks a lot!!!!!!!
    !FlASH PÅ ROUTERN FRÅN BÖRJAN
    !asa841-k8.bin
    hostname DRAKENSBERG
    domain-name default.domain.invalid
    enable password XXXXXXX
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 172.16.12.4 255.255.255.0
    interface Vlan10
    nameif outside
    security-level 0
    ip address 97.XX.XX.20 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 10
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
    access-list MSS_EXCEEDED_ACL extended permit tcp any any
    access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
    access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
    tcp-map MSS-MAP
      exceed-mss allow
    pager lines 24
    logging enable
    logging timestamp
    logging buffer-size 8192
    logging console notifications
    logging buffered notifications
    logging asdm notifications
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    asdm image disk0:/asdm-625-53.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list nonat
    nat (inside) 1 172.16.12.0 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    http server enable
    http 172.16.12.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh 172.16.12.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    group-policy VPNOFFICE internal
    group-policy VPNOFFICE attributes
    dns-server value 215.122.145.18
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value VPN-SPLIT-TUNNEL
    default-domain value VPNOFFICE
    split-dns value 215.122.145.18
    msie-proxy method no-proxy
    username admin password XXXXXX privilege 15
    username Daniel password XXXXX privilege 0
    username Daniel attributes
    vpn-group-policy VPNOFFICE
    tunnel-group VPNOFFICE type remote-access
    tunnel-group VPNOFFICE general-attributes
    address-pool VPN
    default-group-policy VPNOFFICE
    tunnel-group VPNOFFICE ipsec-attributes
    pre-shared-key XXXXXXXXXX
    class-map MSS_EXCEEDED_MAP
    match access-list MSS_EXCEEDED_ACL
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp error
      inspect pptp
      inspect ipsec-pass-thru
      inspect icmp
    class MSS_EXCEEDED_MAP
      set connection advanced-options MSS-MAP
    service-policy global_policy global
    privilege cmd level 3 mode exec command perfmon
    privilege cmd level 3 mode exec command ping
    privilege cmd level 3 mode exec command who
    privilege cmd level 3 mode exec command logging
    privilege cmd level 3 mode exec command failover
    privilege cmd level 3 mode exec command packet-tracer
    privilege show level 5 mode exec command import
    privilege show level 5 mode exec command running-config
    privilege show level 3 mode exec command reload
    privilege show level 3 mode exec command mode
    privilege show level 3 mode exec command firewall
    privilege show level 3 mode exec command asp
    privilege show level 3 mode exec command cpu
    privilege show level 3 mode exec command interface
    privilege show level 3 mode exec command clock
    privilege show level 3 mode exec command dns-hosts
    privilege show level 3 mode exec command access-list
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command vlan
    privilege show level 3 mode exec command ip
    privilege show level 3 mode exec command ipv6
    privilege show level 3 mode exec command failover
    privilege show level 3 mode exec command asdm
    privilege show level 3 mode exec command arp
    privilege show level 3 mode exec command route
    privilege show level 3 mode exec command ospf
    privilege show level 3 mode exec command aaa-server
    privilege show level 3 mode exec command aaa
    privilege show level 3 mode exec command eigrp
    privilege show level 3 mode exec command crypto
    privilege show level 3 mode exec command vpn-sessiondb
    privilege show level 3 mode exec command ssh
    privilege show level 3 mode exec command dhcpd
    privilege show level 3 mode exec command vpnclient
    privilege show level 3 mode exec command vpn
    privilege show level 3 mode exec command blocks
    privilege show level 3 mode exec command wccp
    privilege show level 3 mode exec command webvpn
    privilege show level 3 mode exec command module
    privilege show level 3 mode exec command uauth
    privilege show level 3 mode exec command compression
    privilege show level 3 mode configure command interface
    privilege show level 3 mode configure command clock
    privilege show level 3 mode configure command access-list
    privilege show level 3 mode configure command logging
    privilege show level 3 mode configure command ip
    privilege show level 3 mode configure command failover
    privilege show level 5 mode configure command asdm
    privilege show level 3 mode configure command arp
    privilege show level 3 mode configure command route
    privilege show level 3 mode configure command aaa-server
    privilege show level 3 mode configure command aaa
    privilege show level 3 mode configure command crypto
    privilege show level 3 mode configure command ssh
    privilege show level 3 mode configure command dhcpd
    privilege show level 5 mode configure command privilege
    privilege clear level 3 mode exec command dns-hosts
    privilege clear level 3 mode exec command logging
    privilege clear level 3 mode exec command arp
    privilege clear level 3 mode exec command aaa-server
    privilege clear level 3 mode exec command crypto
    privilege cmd level 3 mode configure command failover
    privilege clear level 3 mode configure command logging
    privilege clear level 3 mode configure command arp
    privilege clear level 3 mode configure command crypto
    privilege clear level 3 mode configure command aaa-server
    prompt hostname context
    Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
    : end

    I didn't realise I had that crypto settings on, thanks my bad!!!
    But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches is all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
    The Firewall/Router dosen't do any routing, so it should work right (I you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firwall for the clients.. this will change in the future.. it will be removed,
    the vpn network is staticly routed back to my ASA in that firewall...
    I don't like this solution.. but this is who it looks.. for now..
    (VPN network is 10.10.10.X/24)
    But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
    THANKS for all the help!

Maybe you are looking for