From: 2nd CCIE (doubleccie@yahoo.com)
Date: Mon Mar 20 2006 - 02:46:17 GMT-3
Hi guys ;
I was trying to configure 3015 concentrator when i ran into two problems , hope someone has some ideas to help .
the concentrator public interface is connected directly to the internet , while the private interface is connected to the DMZ interface of a pix FW , in the DMZ there is no other devices so far , only the PIX and the VPN3015 connected via Cisco switch
problem 1
I configured a group for IPSEC tunneling for Cisco VPN clients , the problem is that when the client try to connect , the concentrator gives an error that all the address range configured on the box is exhausted , when i check the statistics i found that all the IPs of the given scope are in "held" status .and descriped as "External in use"
the scope is created under the group \address assignment and it is from the same range as the private interface , for example the private interface is 10.1.1.1/24 and my range is 10.1.1.3-10.1.1.10/24
when i give different scope (say 10.1.2.x) other than the private interface subnet, everything works perfectly
I wonder if anyone ran into similar problem of has an idea what could be wrong ?
Problem 2
that is just a question , for PPTP connections ..it seems that address assignment must be configured on the system \address assignment and not on the group ...is it correct?
thanks
2nd
---------------------------------
Yahoo! Mail
Bring photos to life! New PhotoMail makes sharing a breeze.
---------------------------------
Yahoo! Mail
Use Photomail to share photos without annoying attachments.
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:39 GMT-3