Setting default gateway in subnetted network
I have a /24 that I have been using as 2x /25. Recently I was asked to subnet the network into 1x /27, 3x /28 and 1x /30. Previously I just had one default gateway. Now how will I set the default gateway for all these subnets?
Hi,
Yes, if you want to route the traffic between subnets, then you need a gateway to be defined on your network elements (router / L3 switches).
After breaking into a number of subnets, ensure you have created the appropriate VLANs on the layer 2 switch, if applicable, and switch port access accordingly.
Use Subnet calculator
https://www.cisco.com/cgi-bin/Support/IpSubnet/home.pl
HTH
sandy
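A worked version of the split asked about above, as an added example that is not part of the original thread: it carves a /24 into 1x /27, 3x /28 and 1x /30 and gives each subnet its own gateway address. The parent range 192.0.2.0/24 is a constructed documentation prefix, and using the first usable host as the gateway is an assumed convention, not something the posters specified.

```python
import ipaddress


def plan_subnets(parent, prefix_lengths):
    """Carve `parent` into one subnet per requested prefix length.

    Largest subnets are placed first so every block stays aligned on its
    own boundary. Returns (allocated, leftover_free_blocks).
    """
    free = [ipaddress.ip_network(parent)]
    plan = []
    for plen in sorted(prefix_lengths):
        # First free block that is at least as large as the request.
        idx = next((i for i, b in enumerate(free) if b.prefixlen <= plen), None)
        if idx is None:
            raise ValueError(f"no room left for a /{plen} in {parent}")
        block = free.pop(idx)
        # Halve the block until it matches; unused halves go back to the pool.
        while block.prefixlen < plen:
            low, high = block.subnets(prefixlen_diff=1)
            free.insert(idx, high)
            block = low
        plan.append(block)
    return plan, free


def gateway_of(subnet):
    """Gateway by convention (assumption): first usable host of the subnet."""
    return next(iter(subnet.hosts()))


def gateway_for_host(host, plan):
    """A host can only use a gateway inside its own subnet; find that pair."""
    addr = ipaddress.ip_address(host)
    for subnet in plan:
        if addr in subnet:
            return subnet, gateway_of(subnet)
    return None, None


if __name__ == "__main__":
    # Constructed input: the split from the question applied to 192.0.2.0/24.
    plan, free = plan_subnets("192.0.2.0/24", [27, 28, 28, 28, 30])
    for net in plan:
        print(f"{str(net):18} mask {net.netmask}  gateway {gateway_of(net)}")
    print("unallocated:", ", ".join(str(n) for n in free))
    print("192.0.2.50 uses", gateway_for_host("192.0.2.50", plan)[1])
```

Each gateway address printed here is what would be configured on the router sub-interface or SVI for that subnet's VLAN, and what hosts in that subnet would be given as their default gateway.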
Similar Messages
-
Can I enable "Use default gateway on remote network" on VPN connection using Group Policy?
Hi,
First timer here so please bear with me!
Environment: Domain Windows 2003, Clients: Windows 7 and Windows XP (with Client Side Extensions pushed out)
When creating a VPN connection on a client machine manually with default settings the "Use default gateway on remote network" found in [Connection Properties - Networking - IPv4 - Advanced] is enabled, which is good as we don't allow split-tunneling.
I have a test GPO that creates a new VPN Connection [Computer Config - Preferences - Control Panel - Network Options], but the above setting is unticked.
Am I missing something on the options for the GP preference to set this automatically?
I can write a script to directly change the C:\Users\All Users\Microsoft\Network\Connections\Pbk\rasphone.pbk file but would prefer if I could sort it all out using Group Policy.
Any help would be greatly appreciated!
Thanks a lot!
DavidShane,
There is actually a way to set the "Use default gateway on remote network" through Group Policy Preferences. And this may even be a better way to do it, because you may change this flag without touching any other settings, or other VPN connections.
(All VPN connections are stored in the same .pbk file.)
Here's the trick: Opening the .pbk file in notepad, I realized that this is actually an oldstyle ini-structured file. And Group Policy Preferences can update ini files! In the .pbk file the section names are the VPN connections names, like [My VPN],
and the property IpPrioritizeRemote is the flag "Use default gateway on remote network".
So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
Create a new object with Action = Update, and File Path =
C:\ProgramData\Microsoft\Network\Connections\pbk\rasphone.pbk
(If this is where your file is located, I guess it is in c:\users if the VPN connection is made for a single user.)
Section Name should be the display name of your VPN connection, without the brackets.
Property Name = IpPrioritizeRemote
Property Value = 1
Peter, www.skov.com, Denmark
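To check the result of the approach described above, an added example (not part of the original posts) that parses the INI-structured phonebook text and lists every VPN entry where IpPrioritizeRemote is not 1, that is, entries that would allow split tunneling. The sample phonebook content is constructed for illustration; only the IpPrioritizeRemote property and the section-per-connection layout come from the thread.

```python
def parse_pbk(text):
    """Parse INI-structured phonebook text into {entry: {key: first value}}.

    A small hand parser is used so that repeated keys inside one entry do
    not raise; the first occurrence of each key is kept.
    """
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            # Section name is the VPN connection's display name.
            current = entries.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current.setdefault(key.strip().lower(), value.strip())
    return entries


def split_tunnel_entries(text):
    """Return (entry, value) for entries not forcing the remote default gateway.

    value is None when the property is missing from the entry altogether.
    """
    findings = []
    for name, props in parse_pbk(text).items():
        value = props.get("ipprioritizeremote")
        if value != "1":
            findings.append((name, value))
    return findings


# Constructed sample, not taken from a real machine.
SAMPLE_PBK = """\
[Corp VPN]
Encoding=1
IpPrioritizeRemote=1
MEDIA=rastapi
DEVICE=vpn

[Branch VPN]
Encoding=1
IpPrioritizeRemote=0
MEDIA=rastapi
DEVICE=vpn
DEVICE=vpn

[Old Entry]
Encoding=1
"""

if __name__ == "__main__":
    for name, value in split_tunnel_entries(SAMPLE_PBK):
        state = "missing" if value is None else value
        print(f"[{name}] IpPrioritizeRemote={state}: default gateway is not forced onto the VPN")
```

Run against the text of the rasphone.pbk file at the path given in the post, an empty result means every listed connection has the flag set.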
Peter :-)
This is great, but just one question. I also want to append a list of DNS Suffixes in order (when viewing a VPN's properties, this is buried in "Networking --> IPv4/6 --> Advanced --> DNS --> Append these DNS Suffixes (in order)"). However, for the VPNs I have manually created with this list populated, I can't see any entries in the rasphone.pbk. Does anyone know where these are stored?
Cheers.
-
Hello!
I want to create a bat script to create several VPN connections.
There is a PowerShell command to create a VPN connection:
add-vpnconnection -name "Test VPN" -serveraddress "vpn.example.com" -splittunneling -tunneltype "pptp"
And I need to create a VPN connection without the "Use default gateway on remote network" option.
Or modify this option on an existing VPN connection with a command.
Please help me to find a command option or other command to disable the "Use default gateway on remote network" option on a VPN connection.
http://technet.microsoft.com/nl-nl/library/ee431701%28v=ws.10%29.aspx
RouteIPv4TrafficOverRAS
True – Add a default gateway on the VPN connection
False – Do not add default gateway on the VPN connection
-
I have created two Virtual machine of windows server 2008 R2 (VM1 & VM2 respectively). I am configuring domain controller on VM1 and VM2 will be my member server.
My Host system is windows 7 and my ISP does NOT provide me with a static IP.
When I configure domain controller on VM1 it asks me to configure static IP address first. I have given 10.0.0.2 as a static IP on VM1 and the default value of subnet mask is populated.
For preferred DNS and Alternate DNS server I have given the same static IP address (i.e 10.0.0.2).
Note - As I am planning to use the local computer (i.e. VM1) as my preferred DNS and alternate DNS.
Q1) What should I set as the 'default gateway' on VM1 ?
Q2) Once I've set up the domain controller, can I configure DHCP server on VM1 and assign IP to VM2 ?
Q3) VM2 being a (domain) member server, can we assign a static IP to it? If yes, what would be the values in the gateway, Preferred DNS and Alternate DNS fields?
Thanks for answers. Doing this configuration for the first time, this is a little confusing for me.
@Milos
Step No. 15 says
"If you do not have static IPv4 and IPv6 addresses assigned to your network adapters, a warning message might appear advising you to set static addresses for both of these protocols before you can continue."
The warning message did appear.
Before I start to configure Active Directory Domain Services, I will have to provide a static IP to the system. Correct?
I have two virtual machines (Windows Server 2008 R2) running on my VMware Workstation. I do not require two domain controllers; my requirement is that the first virtual machine (i.e. VM1) should be the domain controller and the second virtual machine (i.e. VM2) should be a domain member server (NOT a domain controller or a child domain).
As you have explained, before you run DCPROMO, there is the following configuration:
IP address 10.0.0.2
MASK 255.0.0.0
Default gateway 10.0.0.1 if this is the IP address of your router.
Preferred DNS 10.0.0.2
I would like to understand, is this what you mean by having a static IP ?
I am pasting three screenshot below,
1st) ipconfig of my host system. -
I have a LAG with two VLANs in it.
Setup
VLAN 1 (Untagged default) is connected to the '192.168.11.x', which connects to the "10.1.10.x", which connects to the internet.
VLAN 3 (Tagged) is connected directly to "10.1.10.x" which connects to the internet.
Situation;
When both VLAN3 and VLAN1 are up, default gateway is 192.168.11.1
When VLAN1 is down, default gateway is 10.1.10.1
*Desired configuration;*
How do I make the VLAN3 interface the default, or the directly attached network of 10.1.10.x the default, when it is enabled?
I have tried this, but must be missing something;
kevin-cossaboons-mac-pro:~ kevincossaboon$ sudo route -nv add -net 0.0.0.0 10.1.10.1
Password:
u: inet 0.0.0.0; u: inet 10.1.10.1; RTM_ADD: Add Route: len 128, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
default 10.1.10.1 default
route: writing to routing socket: File exists
add net 0.0.0.0: gateway 10.1.10.1: File exists
kevin-cossaboons-mac-pro:~ kevincossaboon$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.11.1 UGSc 30 171 bond0
10.1.10/24 link#13 UCS 3 0 vlan0
10.1.10.1 0.13.f7.af.e7.e6 UHLW 0 93 vlan0 995
10.1.10.13 0.18.39.3b.42.95 UHLW 0 26 vlan0 178
In your network preferences click the cog wheel and choose set service order. Then drag vlan3 to the top of the list.
-
Set default gateway on headless server (via ssh)
I'm trying to configure one of the two ethernet interfaces on a headless Xserve. I managed to give it an address and subnet mask with ifconfig, but I can't figure out how to give it a default gateway or dns server.
I tried using this:
sudo route add default gw xxx.xxx.xxx.xxx en0
but I got the error 'route: bad address: gw'
Is there something wrong with my syntax, or does this just not work on OS X?
Something's wrong with your syntax
Try:
<pre class=command>sudo route add default a.b.c.d</pre>
The keyword 'gw' is not needed, and you also don't need to specify an interface since the OS should be able to work it out from the IP address(es) assigned to your interface(s). -
Cascaded network unable to access default gateway att 5031nv
Hello - I have a Cisco 3750 sitting behind an ATT 5031 NV. The Cisco device has the following networks 'living' on it:
10.1.1.1 /24
10.1.2.1 /24
10.1.3.1 /24
All of these have DHCP pools living on the Cisco device. The default gateway they hand out is the IP of the SVI (mentioned above). I am using OSPF between those networks - and they can all talk fine. I am using the 'default-information originate' command to obtain default route information. I have port Gi1/0/3 on the Cisco device plugged into LAN port 4 on the ATT 5031 NV. Port Gi1/0/3 is configured with a static IP in the 192.168.1.x network as follows:
ip address 192.168.1.2 255.255.255.0
On the ATT 5031 NV: Settings > broadband > link configuration, I have the 'cascaded network' option selected:
Network Address: 10.1.0.0
Subnet Mask: 255.255.0.0
Choose the router that will host the secondary subnet: [Cisco Device Hostname] 192.168.1.2 (IP of Gi1/0/3 on Cisco device)
When I do this - I can ping from the 10.x.x.x networks to both 192.168.1.2 and 192.168.1.254 IPs - but I cannot get out to the Internet (neither by IP nor hostname). I should mention that I have tried the DMZ pinhole option - where I made my Gi1/0/3 get an IP by DHCP > rebooted it > and I got my device to show up with a 108.225.x.x external IP (which again, my 10.x.x.x's could ping) but I could not ping the default gateway for that network.
What am I missing here? Anyone have any ideas? Config to follow:
!
interface GigabitEthernet1/0/3
description DMZ to WAN
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface Vlan1
no ip address
interface Vlan100
description MANAGEMENT
ip address 10.1.1.1 255.255.255.0
interface Vlan120
description xxxx WIFI
ip address 10.1.2.1 255.255.255.0
interface Vlan130
description xxxx DATA
ip address 10.1.3.1 255.255.255.0
!
router ospf 1
network 10.1.1.0 0.0.0.255 area 1
network 10.1.2.0 0.0.0.255 area 1
network 10.1.3.0 0.0.0.255 area 1
default-information originate
!
ip default-gateway 192.168.1.254
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254
Any help would be greatly appreciated.
Hi,
With the cascaded router option, the purpose of that option is to pass over your static IPs so that your gateway handles the traffic. If you do have a set of static IPs available, the only thing you want to change is the cascaded router IP. The network address should be the IP of your router, so it would be 192.168.1.2 according to your setup.
If you are just trying to do a router behind router setup, you actually do not need to use the cascaded router option, and just putting it in DMZ should take care of everything.
Hope this helps.
-ATTU-verseCare -
How can I adjust the network settings on 5.8 ? I need to add in the default gateway for my network.
Thanks
You can issue the command
# route add default {your IP of gateway}
If you want the default gateway to be set at bootup
# echo "your IP of gateway" > /etc/defaultrouter
Then restart
Lucas -
Set Default Printer based on user setting using Powershell script
Hi
I would like to create a script that runs on user log off and captures the default printer (set manually by the user) and then another script to reapply the settings (saved upon log off) when the user logs back in.
This is because local printers are set as default printer (PDF Creator Programs) when we all use Network Printers so this means a user has to set default printer to the network printer all the time.
I have found this script to start with:
$Printer = Get-WmiObject -namespace root\cimv2 -Query "select * from Win32_Printer Where Default = TRUE" -Impersonation 3 | select name | out-file C:\temp\Printer.txt
But the out file looks like this:
name
\\PrinterserverName\Accounts01
Which I don't see how it can be used in another script, plus there are spaces after \Accounts01
Any Ideas please?
M
Maelito
Hi Maelito,
According to your description, you want to export the default printer name to a text file, then read this printer name from the text file and set the default printer via PowerShell:
# save the default printer name (value only, no header) to a text file
Get-WmiObject -namespace root\cimv2 -Query "select * from Win32_Printer Where Default = TRUE" -Impersonation 3 | select -ExpandProperty name | out-file C:\temp\Printer.txt
# read the printer name back from the text file, trimming stray whitespace
$name = (Get-Content C:\temp\Printer.txt | Select-Object -First 1).Trim()
# WQL treats the backslash as an escape character, so each backslash in \\server\printer must be doubled
$wqlName = $name.Replace('\', '\\')
# set that printer as the default
(Get-WmiObject -Class Win32_Printer -Filter "Name='$wqlName'").SetDefaultPrinter()
If there is anything else regarding this issue, please feel free to post back.
Best Regards,
Anna Wang
-
Setting up IP,Subnet, default gateway and secondary gateway in solaris 10 x
Hi,
I am new to Solaris.
I have installed Solaris 10 x86 on my system.
I am not able to access the internet as I am not able to set up the address.
I use broadband and have a static IP address.
How do I configure them...
IP, subnet, default gateway, and secondary gateway.
Thanks in advance.
Run sys-unconfig and after reboot set the parameters (IP, etc)
What do you mean second gateway? -
Setting permanent default gateway in OEL 6
Hello,
how can a default gateway be set permanently in OEL6?
At the moment I am setting it manually every time the machine or the network service is restarted:
$ /sbin/route add -net default gw IPADDRESS
Thanks in advance.
Angel
Hi again,
looks like we managed to achieve the target following the steps in section 4.4 of the Deployment manual at http://linux.oracle.com/documentation/EL6/Red_Hat_Enterprise_Linux-6-Deployment_Guide-en-US.pdf. The link you provided was pointing to Development manual.
I created a file /etc/sysconfig/network-scripts/route-bond0.764 with the following content:
0.0.0.0/0 via 10.7.79.250 dev bond0.764
Using the "network/netmask" format. That way it works all right:
$ netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.7.79.250 0.0.0.0 UG 0 0 0 bond0.764
Just for FYI, first of all I tried with the following content:
default 10.7.79.250 dev bond0.764
But when bouncing the network service, I was getting this error:
Bringing up interface bond0.764: Error: either "to" is a duplicate, or "10.7.79.250" is a garbage.
Not sure which was the reason for this error anyway.
Looks like when using channel bonding, gateway specification in the usual files (/etc/sysconfig/network or /etc/sysconfig/network-scripts/ifcfg-bond* ) makes no effect for any reason.
Let me know if I can do something to find out why it makes no effect.
Thanks a lot for your help.
Angel
Let me know if I can help -
Wrt54g default gateway setting
I am looking to use my wrt54g router with my FIOS and Actiontec router/modem. Both use the same default gateway. How do I change the default gateway on my wrt54g from 192.168.1.1 to 192.168.1.0?
When I open up this address with IE and the Linksys setup pages come up there is no place to change the default gateway. Any suggestions?
thank you in advance
John
Are you trying to change the IP of your router? If so, that should be on the first page that comes up when you login to the router. I'm confused by you saying that you want to change the "default gateway."
-
Default Gateway when connected to VPN
Thanks for reading!
This is probably a dumb question so bear with me...
I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customer's environment behind it (on the same subnet). When connected to the VPN I can reach the inside router fronting me and one switch behind the router (every switch is connected to the router), but nothing else.
My bet is that the router is messing with my connection, but never mind that, the setup ain't complete anyway... My question is more related to the gateway I'm missing when I'm connected, from the outside, to the VPN on the ASA; could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in Windows?
This is how it looks now:
Anslutningsspecifika DNS-suffix . : VPNOFFICE
IP-adress . . . . . . . . . . . . : 10.10.10.1
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Standard-gateway . . . . . . . . :
The internal network is :
172.16.12.0 255.255.255.0
Below is my config for the ASA, thanks a lot!!!!!!!
!FLASH ON THE ROUTER FROM THE START
!asa841-k8.bin
hostname DRAKENSBERG
domain-name default.domain.invalid
enable password XXXXXXX
names
interface Vlan1
nameif inside
security-level 100
ip address 172.16.12.4 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 97.XX.XX.20 255.255.255.248
interface Ethernet0/0
switchport access vlan 10
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list MSS_EXCEEDED_ACL extended permit tcp any any
access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
tcp-map MSS-MAP
exceed-mss allow
pager lines 24
logging enable
logging timestamp
logging buffer-size 8192
logging console notifications
logging buffered notifications
logging asdm notifications
mtu inside 1500
mtu outside 1500
ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 172.16.12.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 172.16.12.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.16.12.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy VPNOFFICE internal
group-policy VPNOFFICE attributes
dns-server value 215.122.145.18
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-SPLIT-TUNNEL
default-domain value VPNOFFICE
split-dns value 215.122.145.18
msie-proxy method no-proxy
username admin password XXXXXX privilege 15
username Daniel password XXXXX privilege 0
username Daniel attributes
vpn-group-policy VPNOFFICE
tunnel-group VPNOFFICE type remote-access
tunnel-group VPNOFFICE general-attributes
address-pool VPN
default-group-policy VPNOFFICE
tunnel-group VPNOFFICE ipsec-attributes
pre-shared-key XXXXXXXXXX
class-map MSS_EXCEEDED_MAP
match access-list MSS_EXCEEDED_ACL
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp error
inspect pptp
inspect ipsec-pass-thru
inspect icmp
class MSS_EXCEEDED_MAP
set connection advanced-options MSS-MAP
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
: end
I didn't realise I had those crypto settings on, thanks, my bad!!!
But... the 172.16.12.0 network is directly connected, the router (which to be honest is a firewall) and switches are all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly; I was more wondering about the GW and didn't want to overcomplicate things..
The firewall/router doesn't do any routing, so it should work, right (if you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The firewall is more a DHCP for the clients / firewall for the clients.. this will change in the future.. it will be removed,
the VPN network is statically routed back to my ASA in that firewall...
I don't like this solution.. but this is how it looks.. for now..
(VPN network is 10.10.10.X/24)
But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from the internet, on the VPN client that's VPNed in? Is this correct?
THANKS for all the help! -
Incorrect Default Gateway for Clients using a Concentrator
Hey all,
Hopefully an easy one - I'm trying to configure a VPN Concentrator for use with the old VPN Client for an IPSec CVPN.
The clients connect fine, but they are getting the incorrect default gateway during the address assignment.
My address pool is 192.168.0.128/25. The client correctly picks up the first address in the range, 192.168.0.129, but the default gateway for the VPN adapter is assigned as the next address in the range, 192.168.0.130.
I need the gateway address to be 192.168.0.254 (the SVI of the L3 switch connected to the Concentrator), but I can't for the life of me find a configuration option anywhere in the pool assignment. I've set the tunnel default gateway to this 192.168.0.254, but this makes no difference.
Any ideas where I can find this config option?
Thanks!
Andrew
In the chart that you posted about the routing setup it refers to a DMZ network and DMZ gateway. Can you clarify what these are since I do not see them in the drawing that is in that post?
I agree with Herbert that it is cleaner to have the address pool on the concentrator use addresses that do not overlap with the concentrator subnet connecting to the layer 3 switch. And as long as the layer 3 switch has a route to that address pool, and the next hop in the route is the address of the concentrator interface then the separate pool addressing should work just fine.
I have re-read this thread and want to make sure that after some changes that you have made that the problem symptoms are still the same. You told us earlier that: "Now the client can ping the interfaces on its local LAN (concentrator interface 192.168.0.253, and the L3 switch, 192.168.0.253), but it cannot reach the rest of our internal LAN behind the layer 3 switch." Is this still an accurate statement of the problem?
As Herbert said earlier, this could either be caused by the concentrator not having a correct route for the inside or it could be because the inside does not have a correct route to the client. In re-reading your description of the routing setup it looks like the concentrator has a default route configured but not the tunnel default route. May I suggest that you try configuring a tunnel default route (in addition to the normal default route) and see whether that makes any difference?
If that does not help the problem then I would suggest that you verify that the devices on the inside do have their default gateway set correctly and that the layer 3 switch does have a route for the VPN address pool with the concentrator interface address as the next hop.
HTH
Rick
[edit] I just focused on the question that you asked about the concentrator possibly needing a route for the address pool. The concentrator does not need any route statements for the address pool - it knows its own address pool, pretty much like having a connected interface subnet. The layer 3 switch is what needs a route for the address pool. -
Some clients get Default Gateway assigned from WRT300N while others don't
Two existing desktops, one wired other wireless and existing laptop wireless connects to internet fine.
Trying to add work laptops; they acquire the wireless signal and get a DHCP IP address assigned but don't connect. Looked at the ipconfig output and it shows no default gateway - router IP is set to 192.168.1.1 - with everything default, I did a reset on it.
The existing machines all have default gateway assigned. Only difference I see is work machines are XP pro. Never had problems with work laptops connecting anywhere else.
Any ideas on how to setup so work laptops can connect?
namralk wrote:
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
You have configured vmware on your computer to use 192.168.1.1 on the VMnet8 adapter. This means the computer uses 192.168.1.1 itself on that adapter and obviously won't set 192.168.1.1 as default gateway on your wireless adapter because 192.168.1.1 is the computer itself.
Fix your network configuration in vmware. After that an "ipconfig /renew *" or a reboot should obtain a new working lease including the default gateway. Make sure vmware does not use the 192.168.1.0/255.255.255.0 subnet for its network adapters.