ER605 - VPN passthrough vs one domain

Re:ER605 - VPN passthrough vs one domain
2024-01-31 12:30:29 - last edited 2024-01-31 12:39:13

  @MR.S 

 

Sorry for the late reply.

 

The list of routes is quite large, including large swaths of 10.x.x.x subnets.  I also use 10.x.x.x on my LAN.

Someone once suggested that could be an issue, but I figured that surely many people use the 10.x.x.x scheme.  Perhaps I should give that another thought.  I do see a range that's not in the unsecured list, and changing a static IP on the LAN side is certainly a small enough amount of effort to give it a try later today.

 

Edit:  That said, the list of secured routes includes:  10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, so maybe I shouldn't raise my expectations too high on that :)

 

#12
Re:ER605 - VPN passthrough vs one domain
2024-01-31 13:38:58

  @Xexus 

 

If you use the whole RFC 1918 (all private IPs) then you will have problems if you want to reach other private IP networks outside the VPN tunnel, so if you can limit which IP is secure then it might work :-)

 

#13
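Added example, not part of any post in this thread: a check of a LAN subnet against the secured (tunnelled) routes a VPN client reports, using the three ranges quoted in the thread, plus a search for a private /24 that no secured route overlaps. The narrower route list, the LAN subnets and the function names are constructed for illustration.

```python
import ipaddress

# Secured routes as quoted in the thread (all of RFC 1918).
SECURED_FROM_THREAD = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
# Constructed: a narrower list, as if the VPN only secured these ranges.
SECURED_LIMITED = ["10.0.0.0/16", "172.16.0.0/12"]
RFC1918 = [ipaddress.ip_network(n) for n in SECURED_FROM_THREAD]


def covering_routes(lan, secured):
    """Return the secured routes that overlap the given LAN subnet."""
    lan_net = ipaddress.ip_network(lan)
    return [r for r in secured if ipaddress.ip_network(r).overlaps(lan_net)]


def first_free_private_subnet(secured, prefixlen=24):
    """Lowest RFC 1918 subnet of this size that no secured route overlaps."""
    routes = [ipaddress.ip_network(r) for r in secured]
    for block in RFC1918:
        free = [block]  # parts of this block not yet claimed by a route
        for route in routes:
            remaining = []
            for part in free:
                if not part.overlaps(route):
                    remaining.append(part)
                elif route != part and route.subnet_of(part):
                    # Route carves a hole in this part: keep the rest.
                    remaining.extend(part.address_exclude(route))
                # Otherwise the part lies wholly inside the route: drop it.
            free = remaining
        usable = [p for p in free if p.prefixlen <= prefixlen]
        if usable:
            lowest = min(usable, key=lambda n: int(n.network_address))
            return str(next(lowest.subnets(new_prefix=prefixlen)))
    return None


if __name__ == "__main__":
    for name, routes in (("thread", SECURED_FROM_THREAD),
                         ("limited", SECURED_LIMITED)):
        print(name, "covers 10.0.0.0/24 via:",
              covering_routes("10.0.0.0/24", routes))
        print(name, "first free private /24:",
              first_free_private_subnet(routes))
```

With the route list from the thread, every private LAN subnet is covered and no free private /24 exists; with the constructed narrower list, a non-overlapping subnet is found.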
Re:ER605 - VPN passthrough vs one domain-Solution
2024-02-27 12:20:36 - last edited 2024-02-27 12:23:52

  @MR.S 

 

Just wanted to follow up and note that I did find a solution.

 

First I upgraded to an ER7302, which by itself didn't fix the issue, but that alone increased my VPN speeds nearly twofold.

 

Then I created a VLAN in the router to issue DHCP addresses in the 198.168.x.x range to the VLAN members.  Although the AnyConnect routes listed all private IP ranges as secure, this was the change that worked.

 

Thanks for exploring this with me :)

 

 

Recommended Solution
#14