Just wondering if someone can answer this definitively. Can I "share" an address range between an SSL VPN and an IPSEC VPN?
The current setup is an SSL VPN, Source IP Pool x.y.z.1-254 and using the "Automatically assign addresses" option so that the entire 1-254 range is used for clients connecting. Rarely more than a few dozen simultaneous clients so the size of the range is irrelevant.
The plan is to:
1. Specify a custom IP range for the SSL VPN x.y.z.1-127.
2. Then create IPSEC VPN and client address range of IP x.y.z.128-254.
The reason for this is that extensive internal layer 2 ACLs, manual routes, and server firewall rules all have the x.y.z.0/24 segment already defined. Trying to use a different range for the L2TP IPSEC clients would mean extensive updates to many switch stacks and dozens of servers' local FW settings.
The Powers That Be are concerned that "sharing" that range would cause problems with one or the other.