Hi,

I am wanting to set up L2TP over ipsec vpn access for remote users on a 2860

I have set up the LAN with no DHCP server running as the AD DC provides internal DHCP.

Internal users are on 10.0.0.0/255.255.255.0

We want the users for the VPN to have an IP from the range 10.2.0.0/255.255.255.0

Is this possible? When I go through the setup for this, and give the wanted range out, the users are unable to connect to internal services. I assume I need to add a route in somewhere?

Also as a side question, is it possible with an L2TP user VPN to have the Remote users authenticate via Active Directory? When I look through the docs it seems I would have to choose PAP authentication only, which is unencrypted? Am I just misunderstanding something?

-edit- Forgot to mention we are wanting to use Windows built in VPN client.

Kind Regards,

Mat

I'm not sure you can do it for teleworkers (as opposed to LAN-to-LAN) but I'm interested in why you want to do that rather than the users get an IP address in the main subnet.

I think in this case it was that there wasn't enough availablility within the main DHCP scope to accommodate all the remote workers.

Also maybe if you wanted to restrict VPN users from certain services (allow file sharing, but block RDP access for VPN users, for example). I figured this could be done via firewall rules, and if the VPN users were part of the main subnet you'd not be able to acheive this.

KR,

Mat

I was thinking it might be the latter. Anyway, I'm not sure it is possible but check with support if no-one here knows.