Re: [Openvpn-users] Client Lan Addressing

  Subject: Re: [Openvpn-users] Client Lan Addressing
  From: "Rob MacGregor" <rob.macgregor@xxxxxxxxx>
  Date: Tue, 16 Oct 2007 21:35:30 +0100

On 10/16/07, JJB <onephatcat@xxxxxxxxxxxxx> wrote:
> Actually the PIX (506e) at this point is only used for VPN. The OpenVPN
> server is also our firewall and network router. The PIX does not allow
> you to set a default gateway.

OT, but if you set a static route on the PIX for network then that is
your default route (if you use the Setup Wizard from the PDM then that's
exactly what it does).

> It used to be our firewall, but was
> bottlenecking our T1.  The pix hangs off the firewall/gateway server and
> has a foot in the LAN. Problem is, it is in the same subnet as the DMZ
> zone and VPN clients are unable to access the DMZ servers, so: no email
> when connected VPN through the pix. That is why we wanted to go with
> OpenVPN, plus we seem to get better bandwidth (haven't scientifically
> tested this) when connected via OpenVPN.

I'm surprised that a 506e had trouble with a mere 1.5 Mb/s, however...
can you provide an ASCII art diagram of the networks, connections and

Oh, and exactly what problems are you having?  I see you've asked if
there would be problems using overlapping IP ranges, but not whether
or not you've actually seen any.

Finally, you may want to look at the following article:


I'm not sure which end it would be applied to though - I've never
needed to use it.

