Incorrect Default Gateway for Clients using a Concentrator

Hey all,
Hopfully an easy one - I'm trying to configure a VPN Concentrator for use with the old VPN Client for an IPSec CVPN.
The clients connect fine, but they are getting the incorrect default gateway during the address assignment.
My address pool is 192.168.0.128/25.  The client correctly picks up the first address in the range, 192.168.0.129, but the default gateway for the VPN adapter is assigned as the next address in the range, 192.168.0.130.
I need the gateway address to be 192.168.0.254 (the SVI of the L3 switch connected to the Concentrator), but I can't for the life of me fine a configuration option anywhere in the pool assignment.  I've set the tunnel default gateway to this 192.168.0.254, but this makes no difference.
Any ideas where I can find this config option?
Thanks!

Andrew
In the chart that you posted about the routing setup it refers to a DMZ network and DMZ gateway. Can you clarify what these are since I do not see them in the drawing that is in that post?
I agree with Herbert that it is cleaner to have the address pool on the concentrator use addresses that do not overlap with the concentrator subnet connecting to the layer 3 switch. And as long as the layer 3 switch has a route to that address pool, and the next hop in the route is the address of the concentrator interface then the separate pool addressing should work just fine.
I have re-read this thread and want to make sure that after some changes that you have made that the problem symptoms are still the same. You told us earlier that: "Now the client can ping the interfaces on its local LAN (concentrator  interface 192.168.0.253, and the L3 switch, 192.168.0.253), but it  cannot reach the rest of our internal LAN behind the layer 3 switch." Is this still an accurate statement of the problem?
As Herbert said earlier this could either be caused by the concentrator not have a correct route for the inside or it could be  because the inside does not have a correct route to the client. In re-reading your description of the routing set up it looks like the concentrator has a default route configured but not the tunnel default route. May I suggest that you try configuring a tunnel default route (in addition to the normal default route) and see whether that makes any difference?
If that does not help the problem then I would suggest that you verify that the devices on the inside do have their default gateway set correctly and that the layer 3 switch does have a route for the VPN address pool with the concentrator interface address as the next hop.
HTH
Rick
[edit] I just focused on the question that you asked about the concentrator possibly needing a route for the address pool. The concentrator does not need any route statements for the address pool - it knows its own address pool, pretty much like having a connected interface subnet. The layer 3 switch is what needs a route for the address pool.

Similar Messages

  • Can I create a fillable pdf form and then export it for client use on my web site?

    Can I create a fillable pdf form and then export it for client use on my web site?  I need clients to be able to fill in the (registration) form on my site then submit it via email.

    [discussion moved to Creating, Editing & Exporting PDFs forum]

  • Trying to activate serial number after entering redemption code and continues to say invalid serial number. Installing on Server 2012 R2 for client using RDS. HELP.....

    trying to activate serial number after entering redemption code and continues to say invalid serial number. Installing on Server 2012 R2 for client using RDS. HELP.....

    Thank you guys for the quick answer! Muche appreciated
    I've tried all suggested solutions, but no luck :-(
    - tried http://support.microsoft.com/kb/2765260 > no help and by the way the hotfix provided is not applicable for 2012 R2.
    also tried "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regii -enable -i" and got this :
    Microsoft (R) ASP.NET RegIIS version 4.0.30319.33440Administration utility to install and uninstall ASP.NET on the local machine.Copyright (C) Microsoft Corporation.  All rights reserved.Start installing ASP.NET (4.0.30319.33440).This option is not supported on this version of the operating system.  Administrators should instead install/uninstall ASP.NET 4.5 with IIS8 using the "Turn Windows Features On/Off" dialog,  the Server Manager management tool, or the dism.exe command line tool.  For more details please see http://go.microsoft.com/fwlink/?LinkID=216771.Finished installing ASP.NET (4.0.30319.33440).
    http://social.technet.microsoft.com/wiki/contents/articles/14582.sharepoint-2013-install-prerequisites-offline-or-manually-on-windows-server-2012-a-comprehensive-guide.aspx
    > is not for 2012 R2.
    For the automated install script (http://gallery.technet.microsoft.com/office/DownloadInstall-SharePoint-e6df9eb8) Craig mentions that the script are not yet compatible
    "SharePoint 2013 SP1 and Windows Server 2012 R2 support coming soon
     I will be updating this script with support for SharePoint 2013 Service Pack 1 installations along with support for Windows Server 2012 R2 in the near future. Thank you to everyone for the interest in my scripts - it is much appreciated! "

  • Management port for management switch(2960x) / IP default-gateway for L2 management switch

    1)   
    I am going to connect all mgmt ports of server to this access switch (L2; 2960x) like below. Then I have a management port in 2960x (FastEthernet / L3 port). As you can see below, even though one of Core switch is down, I am able to access through the other Core switch for mgmt SW. Do I need this FastEthernet port of 2960X?
    Core Pri -------  Core Sec   (Core Pri 192.168.1.2 / Sec 192.168.1.3 / HSRP VIP 192.168.1.1)
                mgmt SW ----- (FastEthernet0) ------ Goes to where? I don't have RAS (Remote Access Server)
                      |
                      |
          servers' mgmt ports
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swint.html#wp2220949
    2) From server side, server put default gateway (192.168.0.1) so if destination is not known, it dumps all to default gateway. This is L3. I understand this. What about L2 default gateway from switch itself? The L2 access switch supports "ip default-gateway" command. I know that without this command still servers do not have any problems to connect to network. Then this command is for switch (2960x) itself? i.e I log into the switch and ping google.com then switch will try to resolve through DNS, but if DNS is not set up in the switch, it sends all traffic to "ip default-gateway"? Is it right?
    3) If L2 (Access) switch has multiple data vlans and mgmt vlan (10.0.0.0/24  10.0.10.0/24 192.168.0.1). Then what will be the "ip default-gateway" for this switch?
    Thanks for your time and knowledge.
    ======================== Reference from Cisco regarding ip default-gateway --------------------------------------
    How to configure the ip default-gateway command on a Cisco 3550 series switch
    VERSION 2 
    Resolution
    To define a default gateway when IP routing is disabled, issue the ip default-gateway global configuration command. Then, enter the IP address of the next-hop router interface that is directly connected to the switch where a  default gateway is being configured.
    The default gateway receives IP packets with unresolved destination IP addresses from the switch. Once the default gateway is configured, the switch has connectivity to the remote networks with which a host needs to communicate.
    Note: When the switch is configured to route with IP, it does not need to have a default gateway set.
    For more information, refer to Assigning the Switch IP Address and Default Gateway.
    ip default-gateway
    https://supportforums.cisco.com/docs/DOC-5090

    Vlan 99 is management port. This is an access switch. I am accessing this swtich through SSH remotely (10.1.2.x)
    WirelessSWLab#sh ip int b
    Interface              IP-Address      OK? Method Status                Protocol
    Vlan1                  unassigned      YES NVRAM  administratively down down   
    Vlan99                 10.1.99.35      YES manual up                    up     
    GigabitEthernet0/1     unassigned      YES unset  up                    up     
    GigabitEthernet0/2     unassigned      YES unset  down                  down   
    GigabitEthernet0/3     unassigned      YES unset  down                  down   
    GigabitEthernet0/4     unassigned      YES unset  down                  down   
    GigabitEthernet0/5     unassigned      YES unset  down                  down   
    GigabitEthernet0/6     unassigned      YES unset  down                  down   
    GigabitEthernet0/7     unassigned      YES unset  down                  down   
    GigabitEthernet0/8     unassigned      YES unset  down                  down   
    GigabitEthernet0/9     unassigned      YES unset  down                  down   
    GigabitEthernet0/10    unassigned      YES unset  down                  down   
    GigabitEthernet0/11    unassigned      YES unset  down                  down   
    GigabitEthernet0/12    unassigned      YES unset  down                  down   
    GigabitEthernet0/13    unassigned      YES unset  down                  down   
    GigabitEthernet0/14    unassigned      YES unset  down                  down   
    GigabitEthernet0/15    unassigned      YES unset  down                  down   
    GigabitEthernet0/16    unassigned      YES unset  down                  down   
    GigabitEthernet0/17    unassigned      YES unset  down                  down   
    GigabitEthernet0/18    unassigned      YES unset  down                  down   
    GigabitEthernet0/19    unassigned      YES unset  down                  down   
    GigabitEthernet0/20    unassigned      YES unset  down                  down   
    GigabitEthernet0/21    unassigned      YES unset  down                  down   
    GigabitEthernet0/22    unassigned      YES unset  down                  down   
    GigabitEthernet0/23    unassigned      YES unset  down                  down   
    GigabitEthernet0/24    unassigned      YES unset  up                    up     
    WirelessSWLab#

  • SP Online - Managed Metadata column Default Value for folders (using CSOM)

    Hello,
    I am working on setting default values (metadata columns)  for different folders on my document library. As so far, I've found solution about how to set default values on whole library and many solutions which works for folders, but not for sharepoint
    online (using metadataDefaults object).
    The only working solution for folders in SPO I've found is editing file library/Forms/client_LocationBasedDefaults and add some data here.
    My question is: is there any easier method to set default values for each folder in document library without manually editing this file? 

    I second that, I have a client looking to do the same thing but I don't see a way to automate this.

  • Best practice to change default gateway for HA-CAM

    Hi,
    The next week end, i will have a downtime to change it's HA-CAM's default gateway.
    My question is, how can i do that?.
    This change is not synchronized if i change only from an active cam (service Ip) o it does?
    I was thinking on stops services for standby cam, then connect to a service ip, change its default gateway to active cam, then stops services and start them for standby cam and so on...
    This is correct or this idea is wrong?
    Please, I need suggestions.
    Thanks for advance.

    Kaylan
    If the user vlan is routed on a L3 device before going to either the MPLS router or the firewall you could use PBR on the L3 device (if supported).
    But as Reza says, we need more info on your network layout.
    Jon

  • How  to set default value for Zfeild using statusprofile

    hi experts,
    I need to set a default value for a zfeild using status profile.Although we can default the values,using getter and setter methods,but in my requirement,the feild will be defaulted when the page is locked,also in display mode,which will require me to write code to unlock then set the value and then write a commit,as there wont be any user action performed.
    I have created a zstatus profile and have set the required status to inital,but no luck
    please suggest if this canbe achived through status profile.
    Regards
    Anu.

    Hi,
    You can check in the getter if the Page is locked and then display the value to want to display. Note that this will be just Displaying the default value for the Zfield and it will not set the default value into  the Zfield in DB, because when the document is locked ( means locked for editing - mostly when system status is completed ) , setters are not called and so you can display the value but cant set it. This is fine if the value you want to display in Z field is just for user's informations and its not required to save this default value.
    The best approach would be to set the value in the Zfield before the page is locking. For example, If you wat to set the zfield value when status is set to "Completed" , then you can configure an action that is 1) triggered during saving of the document with 2) start condition "When status is completed"  ( both 1 and 2 you can mention in action defination ), then Implement this action badi in which you can set the Zfield to default value.
    This will ensure that default value is always set whenever the page is getting locked for editing ( i assumed that page lock means status completed ).
    Thanks & Regards
    Suchita

  • Upload captivate file to my website for client use?

    If i upload the interactive captivate file to my website for clients to train their employees, would my client be able to:
    1. click to advance each slide
    2. take the quiz that include referring back to a slide when the answer is wrong
    3. print a certificate of completion.
    Is the possible?

    Shekhar,
    Unless the user's web server is a SCORM or AICC compliant LMS there's no point telling them to set this reporting option.  You can have a web server WITHOUT it being an LMS.  I don't see anywhere in the original poster's text that they state they were using an LMS.
    For a web server to be compatible with Captivate outputs the only requirements are that it can serve HTML, SWF, and JS files, not necessarily that it must be SCORM content.

  • Setting Default values for field using custom.pll

    Hi All,
    I have an rquirement to set the default values on Meterial Tranasction screen for some condition
    I tried it in both ways via Form Personalization and using custom.pll
    i m using the following code in custom.pll
    form_name      varchar2(30):= name_in('system.current_form');
    block_name varchar2(30):= name_in('system.cursor_block');
    trx_type           varchar2(30);
    subinv                varchar2(30);
    begin
    if form_name='WIPTXMAT' and block_name ='MTL_TRX_LINE' then
    if event_name ='WHEN-VALIDATE-RECORD' then
         trx_type:=name_in('WIPTXMAT.TRANSACTION_TYPE');
    if trx_type ='WIP Return' THEN
         copy(10,'MTL_TRX_LINE.TRANSACTION_QUANTITY');
              copy(10,'MTL_TRX_LINE.NUMBER_OF_LOTS_ENTERED');
              sinv:=trim(name_in('MTL_TRX_LINE.SUBINVENTORY_CODE'));
              if sinv is null then
                   copy(subinv,'MTL_TRX_LINE.SUBINVENTORY_CODE');
                   copy(fr_locator,'MTL_TRX_LINE.LOCATOR');
                   FND_MESSAGE.SET_STRING(sinv);
                   FND_MESSAGE.SHOW;
              end if;
         end if;
    end if;
    end if;
    end event;
    Problem is that default values are getting set but not for all rows . if there are 4 records then values are set for only first 2 rows and if there are 2 rows then defaults are set for 1st row only.
    Same behaviour happens when i do it via form personalization
    i couldn't understand the behaviour of WHILE-VALIDATE-RECORD event..
    Please provide some suggestion on it. its really urgent.
    Thanks in Advance
    Renu

    Works Now...

  • Change content of default.aspx for subsites using Powershell

    Hi.
    I need to update the content of the default.aspx of 60+ subsites in a site Collection. I am able to loop all subsites and get the corresponding default.aspx files using a PowerShell snippet like:
    $site = Get-SPSite -WebApplication https://mysite.domain.no/ -Limit All
    $wc = $site.allwebs | where {$_.url.StartsWith(https://mysite.domain.no/sites/blahblah/blahblahblah) }
    foreach ($web in $wc){
    $file = $web.GetFile("default.aspx")
    The problem is I don't know whether to use the Set-Content command-let or an XMLDocument approach.
    I have the file With the correct content on the local machine. I tried With $file.Parentfolder in order to use
    $f = $web.GetFolder($file.ParentFolder)
    $fc = $f.files
    Get-ChildItem "C:\temp\default.aspx" | foreach {
    $spFileCollection.add($($_.Name),$_.OpenRead(), $true)
    to replace the file but this gives an error on empty folder. Can I use this approach or is there a way to change the actual content of the file?

    Hi Jorgen,
    According to your description, my understanding is that you want to update the page content using PowerShell.
    I suggest you read the content data like below:
    $data = $file.OpenBinary()
    $encode = New-Object System.Text.ASCIIEncoding
    $test = $encode.GetString($data)
    Then you can change the string you want, and then you can save it using SaveBinary() method.
    Here are some detailed articles for your reference:
    Reading the contents of a SharePoint library file using PowerShell
    Using powershell to read/modify/rewrite sharepoint xml document
    Best Regards
    Zhengyu Guo
    TechNet Community Support

  • Set default quota for farm using powershell

    Hello, 
    Looking for a powershell solution to creating a default quota template. So when new sites are created they default to that quota, or can be changed if needed. 
    Thanks, 
    Will 

    This article is for 2010, but it should work the same in 2013.  This PowerShell just creates the quota template.  You will need to pick the quota template when creating a site collection.  There is no way to set a default quota template for
    regular site collections.
    http://www.sharepointdiary.com/2013/08/create-sharepoint-quota-templates-using-powershell.html
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Backup/Restore tools for clients using WAP

    What database and file backup tools are people using to give clients access to make their own databases and websites?
    The same question goes for giving them the ability restore databases to the servers?
    Simon Holman
    Expeed Technology
    Australian Web Hosting

    I ended up utilising MyLittleBackup and it will run external to WAP for now.
    Simon Holman
    Expeed Technology
    Australian Web Hosting

  • Default "Gateway" for page name

    I am using pt:pagename in a banner portlet. It works fine in 5.04 , but in 6.0 when the page is a hosted remote portlet, the banner text displays "Gateway" by default.
    Any clue how to display a custom text instead, or just blank?
    Thanks!
    Val

    1. I have a banner portlet
    I've inserted pt:pagename tag on the html, and every time I navigate on the portal, the banner displays the page name.
    2. I have a remote portlet (C#) running on a different server.
    When I open the page containing the portlet, the banner displays the name of the page(correct)
    but if I try to navigate inside the C# app, opening a different page, the "Gateway" text is displayed.
    The same portlet on 5.04 just displayed blank. The 6.0 is comming with this "feature", and I do not know how to get rid of it.
    Unfortunately, Chris B. idea is not working, because if I delete the
    "edkRes.SetHostedDisplayMode(HostedDisplayMode.Hosted);"
    the page is not hosted anymore.
    Val

  • Is there a way to have a seperate login within the webpage for clients use?

    I have keep getting requests for having a login for doctors or for information needed for just employees. Is there a way to do that within Muse?
    Please help me out,
    thanks
    kent

    Actual version of Muse does not allow you to do this. You need to costumize your code to achive the feature you need. Also if you want to have different user names/passwords ad different content outputs, you will need a CMS (content management system) behind your site.

  • Default Gateway not transmitting to wireless clients

    Our organization is using a Linksys BEFW11S4 router, and for the most part, everything is working correctly.   However, ipconfig /all on the clients does not show a default gateway for the wireless machines.   I can not find anywhere in the router web-page that will let me configure this.
    What am I missing here?
    Thanks,
    Dennis

    Hi
    ipconfig /all is show the ip address and what is it?
    Ok,verify  option in router DHCP ->enable.
    Authentication(WAP,WEP),SSID name, I dont know the settings of the router.
    Just se the DHCP section,enable it and configure the subnet masks of the clients .
    Thanks
    Kind Regards
    ing.George Gochev
    DSL and Telecommunications Engineer

Maybe you are looking for