VPN Ip adresses range

Alain_Bensimon
Getting noticed

VPN Ip adresses range

My main subnet is 10.69.11.0/24 and my DHCP is off since we have a Windows DHCP server.
In my asa 5505, I had a vpn setup and the vpn clients used to get a DHCP IP in the range 10.69.11.220-10.69.11.253 from the ASA.
Where can I setup thin in the meraki?
Thank you

10 Replies 10
ww
Kind of a big deal
Kind of a big deal

The subnet is set at the clientvpn  option itself. Dhcp is provided from the mx

Alain_Bensimon
Getting noticed

I don't understand your answer.

cmr
Kind of a big deal
Kind of a big deal

@Alain_Bensimon in the dashboard go to Security & SD-WAN - Client VPN and enable the VPN, the setting is here:

 

cmr_0-1606926655625.png

 

Alain_Bensimon
Getting noticed

Currently I have this:

chrome_38gQl10OAJ.png

and this 

Cn5fZVcr5y.png

I would like the VPN clients to get IP's within my main subnet.

 

cmr
Kind of a big deal
Kind of a big deal

Hi @Alain_Bensimon I don't think that is possible, the subnets need to be different to be routable

Alain_Bensimon
Getting noticed

@cmr 

so what are my options?

I absolutely need VPN clients to get IP's within that range because we have a site to site VPN to access some programs that are located on another site, and if clients are out of that range, they are denied of entry.

 

Is it possible to disable the VPN client subnet and get IP's from our Windows DHCP server that already assign IP's to our local clients?

cmr
Kind of a big deal
Kind of a big deal

@Alain_Bensimon you could divide the existing LAN subnet in two and have half for the LAN and half for the VPN clients i.e. LAN has 10.69.11.0/25 and VPN has 10.69.11.128/25, or you could ask the other site owner to permit an extra subnet and use that for the VPN.

Alain_Bensimon
Getting noticed

@cmr I thought about that, but then they will be on another vlan, and the VPN clients won't have access to the local ressources of our main Lan.

Is there any way that the meraki does not assign IP adresses to the VPN clients and let my Windows DHCP server take care of it?

cmr
Kind of a big deal
Kind of a big deal

I don't think so, I cannot think of any modern firewalls that allow that feature.

KarstenI
Kind of a big deal
Kind of a big deal

The ASA can provide the VPN addresses via DHCP.

 

back to topic: Why shouldn’t. systems on the main LAN not be able to communicate with VPN clients on a different LAN? For sure that works.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels