ip local pool question

Hi,

I have two PIX firewalls, a 501 and a 515, on which I am trying to issue the following command:

ip local pool PoolName 10.x.x.1-10.x.x.254 mask 255.255.255.0

The problem is the 501 won't take the "mask 255.255.255.0", so it resorts to the default 255.0.0.0. Can anyone shed any light on why this is and how I can get the class C subnet that I require?

The 501 is running PIX Version 6.3(3)

thanks

Reply to
google

You might be running into a different issue. On the 501, the DHCP pool size is limited to:

- 32 if you have the 10 user license

- 128 if you have the 50 user license

- 253 if you have the unlimited license

Reply to
Walter Roberson

I believe your problem is that the PIX501 will not handle more than 32 IPs in a range. So the mask doesn't really matter, as it's for VPN client use only.

The cmd ref says (pixos 6.3.4): [mask ] Add an optional netmask. If the netmask is configured then the PIX Firewall headend will return it to the VPN client. If the netmask is not configured, PIX Firewall will retain backward compatibility with its previous behavior by not returning the netmask. If netmask is not configured, the PIX Firewall will use netmask 255.255.255.0.

This is rather strange, though, as some parts mention the word netmask, but the syntax uses the word mask ...

Try not to give the mask at all...

HTH

Martin Bilgrav

Reply to
Martin Bilgrav

That's for the 10 user license. See my posting in this thread for the other licenses.

Reply to
Walter Roberson

Thanks for your input. Maybe I'm not understanding you, but my issue is the subnet mask being assigned to the remote VPN clients, not the number of people who can connect. The issue of the subnet mask is important, since remote clients are being assigned 255.0.0.0 (my guess is that's because we're using a 10. private block). The result is the VPN clients can't access any remote subnets in our organization because the client views them all as local, due to the mask.

You mention that previous behavior is the PIX issuing a Class C subnet, but this is not what we are seeing.

Reply to
google
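
An added example (not part of any post in this thread) of the effect described in the post above: how the mask handed to a VPN client decides which destinations it treats as on-link instead of sending them to a gateway. The client address and destination list are constructed sample values, and the classful default is modelled as an assumption, following the poster's guess about the 10. block.

```python
import ipaddress


def classful_mask(addr: str) -> str:
    """Default mask implied by the address class (pre-CIDR rules)."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "255.0.0.0"        # class A, e.g. the 10. private block
    if first < 192:
        return "255.255.0.0"      # class B
    if first < 224:
        return "255.255.255.0"    # class C
    raise ValueError("class D/E addresses have no default host mask")


def classify(client_ip: str, mask: str, destinations: list[str]) -> dict[str, str]:
    """Label each destination 'on-link' or 'routed' from the client's view."""
    local_net = ipaddress.ip_interface(f"{client_ip}/{mask}").network
    return {
        dest: "on-link" if ipaddress.ip_address(dest) in local_net else "routed"
        for dest in destinations
    }


# Constructed sample values, not taken from the thread.
CLIENT = "10.1.2.17"
DESTS = ["10.1.2.200", "10.1.3.5", "10.40.0.9", "192.168.5.1"]


def compare() -> dict[str, dict[str, str]]:
    """Classify DESTS under the classful default and under a /24 mask."""
    masks = (classful_mask(CLIENT), "255.255.255.0")
    return {mask: classify(CLIENT, mask, DESTS) for mask in masks}


if __name__ == "__main__":
    for mask, verdicts in compare().items():
        print(f"client {CLIENT} mask {mask}")
        for dest, verdict in verdicts.items():
            print(f"  {dest:<14} {verdict}")
```

With 255.0.0.0 every 10.x destination is classified as on-link, which matches the symptom reported: the client treats the other internal subnets as local.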

Have you tried the command without the mask option? When the mask option is not configured the PIX *should* send the client the subnet mask of 255.255.255.0.

Reply to
bdyy

It currently does not have the "mask" option (won't take the mask option as a matter of fact) ... and issues a 255.0.0.0 subnet

Reply to
google
