What must be filled in Phase 2 field “VPN client address” ?
This field is the virtual IP address that the IPSec VPN client will have inside the remote subnet. With most of VPN gateways, this address must not belong to the remote network subnet. For example, if you use a VPN gateway with a subnet 192.168.0.0/255.255.255.0, you should use in “VPN Client address” a value like 192.168.100.1 or 10.10.10.1. Take the case you choose an IP address non-used in the subnet like 192.168.0.200. When the IPSec VPN Client is sending a TCP or an UDP packet to a target remote computer 192.168.0.x, this target will send inside its subnet an ARP request in order to get IPSec VPN Client MAC address and reply directly to it. But, this request cannot receive any answer because the client is not physically present inside the subnet. So, initial packets from the client will not be answered. If your VPN gateway can answer this ARP request for the IPSec VPN Client, you can fill “VPN Client address” field with an IP address belonging to remote subnet.
Related Questions
- The Address – Postal Code (DAK) field in the bar code is defined as 11 characters. How should this field be filled when using a five digit or a nine digit US ZIP code?
- Why isn the "Display as" field filled in by gwabbit when I save a contact?
- What must be filled in Phase 2 field "VPN client address" ?
