Cisco Systems ip local pool question

Subject Author Date
ip local pool question google 01-11-06
Posted by on January 11, 2006, 6:08 pm
Hi,

I have two PIX firewalls: a 501 and a 515 that I am trying to issue the
following command:

ip local pool PoolName 10.x.x.1-10.x.x.254 mask 255.255.255.0

The problem is the 501 won't take the "mask 255.255.255.0", so
it resorts to the default 255.0.0.0. Can anyone shed any light on why
this is and how I can get the class C subnet that I require?

The 501 is running PIX Version 6.3(3)

thanks


Posted by Walter Roberson on January 11, 2006, 7:36 pm
>I have two PIX firewalls: a 501 and a 515 that I am trying to issue the
>following command:

>ip local pool PoolName 10.x.x.1-10.x.x.254 mask 255.255.255.0

>The problem is the 501 won't take the "mask 255.255.255.0", so
>it resorts to the default 255.0.0.0. Can anyone shed any light on why
>this is and how I can get the class C subnet that I require?

>The 501 is running PIX Version 6.3(3)

You might be running into a different issue. On the 501, the
DHCP pool size is limited to:

- 32 if you have the 10 user license
- 128 if you have the 50 user license
- 253 if you have the unlimited license

Posted by Martin Bilgrav on January 12, 2006, 1:35 pm
I believe your problem is that the PIX501 will not handle more than 32 IPs
in a range.
So the mask doesn't really matter, as it's for VPN client use only.


The cmd ref says (pixos 6.3.4):
[mask <mask>] Add an optional netmask. If the netmask is configured then the
PIX Firewall headend will return it to the VPN client.

If the netmask is not configured, PIX Firewall will retain backward
compatibility with its previous behavior by not returning the netmask. If
netmask is not configured, the PIX Firewall will use netmask 255.255.255.0.



This is, though, rather strange, as some parts mention the word netmask, but
the syntax uses the word mask ...

Try not to give the mask at all...



HTH

Martin Bilgrav





> Hi,
>
> I have two PIX firewalls: a 501 and a 515 that I am trying to issue the
> following command:
>
> ip local pool PoolName 10.x.x.1-10.x.x.254 mask 255.255.255.0
>
> The problem is the 501 won't take the "mask 255.255.255.0", so
> it resorts to the default 255.0.0.0. Can anyone shed any light on why
> this is and how I can get the class C subnet that I require?
>
> The 501 is running PIX Version 6.3(3)
>
> thanks
>



Posted by Walter Roberson on January 12, 2006, 3:03 pm
>I believe your problem is that the PIX501 will not handle more than 32 IPs
>in a range.

That's for the 10 user license. See my posting in this thread for
the other licenses.

Posted by on January 13, 2006, 7:48 am
Thanks for your input. Maybe I'm not understanding you, but my issue is
the subnet mask being assigned to the remote VPN clients, not the
number of people who can connect. The issue of the subnet mask is
important, since remote clients are being assigned 255.0.0.0 (my guess
is that's because we're using a 10. private block). The result is the
VPN clients can't access any remote subnets in our organization because
the client views them all as local, due to the mask.

You mention that previous behavior is the PIX issuing a Class C subnet,
but this is not what we are seeing.
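
The mask problem described in the post above, as an added example that is not part of the original thread: it parses an `ip local pool` line in the form quoted by the original poster and shows which internal destinations a VPN client would treat as local under the configured mask versus the classful default. The concrete addresses (10.1.1.x, 10.2.0.10, 192.168.5.1) and the function names are constructed for illustration, and the fallback to a classful mask is an assumption taken from the poster's observation, not documented PIX behavior.

```python
import ipaddress
import re

# Matches the PIX 6.x form quoted in the thread:
#   ip local pool <name> <start>-<end> [mask <mask>]
POOL_RE = re.compile(
    r"^ip local pool (\S+) (\d+(?:\.\d+){3})-(\d+(?:\.\d+){3})(?: mask (\d+(?:\.\d+){3}))?$"
)

def classful_mask(addr):
    """Default mask implied by the address class (A=/8, B=/16, C=/24)."""
    first = int(addr) >> 24
    if first < 128:
        return "255.0.0.0"
    if first < 192:
        return "255.255.0.0"
    if first < 224:
        return "255.255.255.0"
    raise ValueError("no classful mask for multicast/reserved space")

def parse_pool(line):
    m = POOL_RE.match(line.strip())
    if not m:
        raise ValueError("not an 'ip local pool' line: %r" % line)
    name, start, end, mask = m.groups()
    start, end = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if end < start:
        raise ValueError("range end precedes start")
    return {"name": name, "start": start, "end": end, "mask": mask,
            "size": int(end) - int(start) + 1}

def client_view(client_ip, mask, destination):
    """Return 'on-link' if the client treats destination as local, else 'routed'."""
    net = ipaddress.IPv4Network("%s/%s" % (client_ip, mask), strict=False)
    return "on-link" if ipaddress.IPv4Address(destination) in net else "routed"

def audit(line, internal_hosts):
    pool = parse_pool(line)
    # Assumption: with no mask delivered, the client uses the classful default (as the poster saw).
    mask = pool["mask"] or classful_mask(pool["start"])
    return pool["size"], mask, {h: client_view(pool["start"], mask, h) for h in internal_hosts}

if __name__ == "__main__":
    hosts = ["10.1.1.20", "10.2.0.10", "192.168.5.1"]  # constructed sample destinations
    for line in ("ip local pool PoolName 10.1.1.1-10.1.1.254 mask 255.255.255.0",
                 "ip local pool PoolName 10.1.1.1-10.1.1.254"):
        print(audit(line, hosts))
```

The returned pool size can also be compared against the per-license limits listed earlier in the thread.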

