cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
New Contributor III

Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I have a Mobile Peer set up for a laptop that goes from one physical location to another. I am using Adtran Secure VPN Client to connect from the laptop to the Netvanta 3448's Mobile Peer. I set this up to work with no issue. The issue comes when I need this laptop to use the same IP address assigned by the Netvanta crypto ike pool (there are other clients that have to connect to this Mobile Peer). I have went to the Adtran adapter in network connections and gave the VPN adapter the static that I want it to be in a valid IP 10.5.12.1. When I do that the laptop wont connect to the Mobile Peer using the Adtran Secure VPN Client. I have also tried to assign the static IP address to the Profile on the Adtran VPN Client, this allowed me to connect to the Mobile Peer but the Laptop could no longer get the the applications that require it to show up as 10.5.12.1

I need the Mobile Peer to support multiple users (which it does) while allowing this one Laptop to have the static IP 10.5.12.1

Here is my Configuration:

crypto ike client configuration pool "VPN Client Users"

  ip-range            10.5.12.1          10.5.12.254

  dns-server          8.8.8.8           4.2.2.2

crypto ike policy 117

  no initiate

  respond anymode

  local-id address 69.43.74.26

  peer any

  client configuration pool "VPN Client Users"

  attribute 1

    encryption 3des

    hash md5

    authentication pre-share

crypto ike remote-id any preshared-key N87*Nidid*l ike-policy 117 crypto map VPN 180 no-xauth

crypto map VPN 180 ipsec-ike

  description VPN Client Users

  match address VPN-180-vpn-selectors2

  set transform-set esp-3des-esp-md5-hmac

  ike-policy 117

  mobile

ip access-list extended VPN-180-vpn-selectors2

  permit ip 10.5.10.0 0.0.0.255  10.5.12.0 0.0.0.255

ip policy-class inside

  allow list VPN-180-vpn-selectors2 stateless

  nat source list web-acl-1 interface eth 0/1 overload

ip policy-class outside

  allow reverse list VPN-180-vpn-selectors2 stateless

Please let me know what any of you think.

Thanks,

0 Kudos
Reply
1 Solution

Accepted Solutions
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

The Adtran Engineer solved this with ease. So thank you so much for your help Mark Fentz!

The fix was pretty simple and here it is:

crypto ike client configuration pool "VPN Client Users"

  ip-range            10.5.12.5          10.5.12.254

  dns-server          8.8.8.8           4.2.2.2

crypto ike remote-id fqdn test.com preshared-key N87*Nidid*l ike-policy 117 crypto map VPN 180 no-mode-config no-xauth

crypto ike remote-id any preshared-key N87*Nidid*l ike-policy 117 crypto map VPN 180 no-xauth

The "no-mode-config" tells the router not to assign it IP address. This allows the static IP. So in the Remote Client VPN software we set up its remote-id as "test.com" and it will pick up the first crypto ike and the router

will not give DHCP ip. You can use this same fqdn on all remote clients that need static.

The second crypo ike is same as orginal and works for all others from any ip with the proper settings and PSK.

Thanks,

View solution in original post

22 Replies
Highlighted
Contributor III
Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

It's been a long time since I've use the Adtran VPN client, but if the client supports using a static IP, you may be able to adjust your IP range in the ike client configuration pool.

ip-range  10.5.12.5  10.5.12.254


Then you could statically assign the client on the laptop any address between 10.5.12.1 - 10.5.12.4


This way you still have plenty of addresses for the other mobile users, but will will always know the IP of the laptop when it connects.


I know that will work with the Shew Soft VPN.  I'm just not sure if static addresses are possible in the Adtran VPN client software.  It most likely is an option.


R\


0 Kudos
Reply
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I will test this tomorrow and let you know how it goes. Today when I tested I did this, I assigned 10.5.12.1 to Laptop and the range on router was 10.5.12.1 - 10.5.12.254 but no other users was connected or attempted to connect.  Like I said thank you for the idea and I will test it your way tomorrow and report back.

Thanks,

0 Kudos
Reply
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I have made these changes and tested. Here are the changes

crypto ike client configuration pool "VPN Client Users"

  ip-range            10.5.12.5         10.5.12.254

  dns-server          8.8.8.8           4.2.2.2

I went into my Laptop and Static assigned (On the Adtran Secure Client Virtual Local area connection) this IP address 10.5.12.1 /24 with the DNS 8.8.8.8 and 4.2.2.2 and I could connect to Adtran Secure VPN Client but not get to the things I should get to with my IP as 10.5.12.1. I then disconnected and set the Adtran Secure Client Virtual Local area connection to DHCP.

I switch the configuration back to:

crypto ike client configuration pool "VPN Client Users"

  ip-range            10.5.12.1         10.5.12.254

  dns-server          8.8.8.8           4.2.2.2

I Reconnect to Adtran Secure VPN Client and get IP 10.5.12.1 and I am able to get to applications that I should. I NOTICE one thing when I get DHCP IP address. I get an IPv$ DHCP Server address of 10.5.12.2 on my Adtran Secure Client Virtual Local area connection. There is no place to manually set this setting when you do it static.

I have inserted the DHCP image from Adtran Secure Client Virtual Local area connection.

Adtran_Secure_VPN_Client_IP_ADd.JPG

0 Kudos
Reply
Highlighted
Contributor III
Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I tried configuring it in my ShrewSoft VPN client.  It worked.  I noticed that when I get a dhcp address, the subnet mask is 255.255.255.255 vs. 255.255.255.0.  I set my static ip in the client that way and it worked.  Can you give that a try and see how if that works for you?

0 Kudos
Reply
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

The Image I provide above is from a DHCP ip address that works.  Adding a static IP address in with 255.255.255.255 would be outside of what happens with DHCP so I am thinking it wont work. I will try it anyway and report back. Thanks for help.

0 Kudos
Reply
Highlighted
Contributor III
Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I'm suggesting that you configure the router as follows:

crypto ike client configuration pool "VPN Client Users"

  ip-range            10.5.12.5         10.5.12.254

  dns-server          8.8.8.8           4.2.2.2

Then, in your VPN client assign 10.5.12.1 to the client statically with a subnet mask of 255.255.255.255.

I think it will work.  I don't have a valid copy of the NetVanta VPN client to try it here on my bench.  I know it works when I configure ShewSoft the same way.

I'm really curious to see if it works.  Shrewsoft did not work when I set a static address and use 255.255.255.0.

0 Kudos
Reply
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

I just did exactly as you suggested and it does not work. It was a good try though. I am about to try using a Default gateway in my settings to see if that helps.

0 Kudos
Reply
Highlighted
Contributor III
Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

Great.  Well at least we know it will work with ShrewSoft.  I'm interested to see how it turns out with the default gateway. 

0 Kudos
Reply
Highlighted
New Contributor III

Re: Netvanta 3448 Remote Client VPN, assign a static IP to the remote client

Jump to solution

It worked strange with a default gateway. If I leave VPN DHCP range 10.5.12.1-254 and use static IP with subnet mask 255.255.255.255 and default gateway 10.5.12.2 (which normally is assigned to DHCP server, I work fine. However this is not a solution because another user may connect first and take that IP address 10.5.12.1 and then the Laptop wont have access to the application/software that it needs.

What is ShrewSoft and how much does it cost?

Thanks,

0 Kudos
Reply