IP Domain - /32

Lagcat · Post by **Lagcat** » 25 Jul 2024 06:21

hello

apologies for my lack of knowledge and detail when needed as I am a network/firewall guy and not an Alcatel engineer
also my first post here so be gentle

we are experiencing issues trying to get clients in the correct IP domain to receive the compression policy - this is only affecting our VPN users
I understand the problem and the only fix I can see if adding the individual host entries for our VPN range of 2000 users

so when vpn users connects on the VPN they get their IP and a subnet mask of 255.255.255.255 (palo - global protect)
but on the ip domain from what I can see we can define host address, ip range, ip subnet - but it seems that the Alcatel client on the laptop sends the gateway/CPU the subnet that being used on the vpn adapter - and for some reason the subnet has to match the ip domain setting

so my question is how I can get around this as I we cannot define an ip range 192.168.1.0 - 192.168.7.255 with subnet mask 255.255.255.255 (as truly this would be a 255.255.248.0 that would need defining)

but if it add individual hosts like 192.168.1.1 255.255.255.255 the host will fall into the correct domain

does anyone else have this issue and how do you get around it?

Post by **frank** » 25 Jul 2024 10:10

hi -

It is normal to get assign a subnet of 255.255.255.255 for a vpn client.
Somewhere else, there is a default gateway to go to your Palo Alto.
The IP Desktop Softphone should use the local PC IP Address (not the VPN one)
The soft phone will take the default route of your vpn client
the phone system knows the vpn client network and route packets this way
the PC does the routing between the soft phone and the rest of the world.

Lagcat · Post by **Lagcat** » 26 Jul 2024 06:21

thanks for your reply

yep I agree 255.255.255.255 is normal for VPN and I am trying to explain to our Alcatel/phone engineer its by design not something we have ever changed

but the softphone is selecting the mask of the VPN rather than the local PC which would generally by a home subnet 255.255.255.0 - is there a way to force this? as then we could define this better or a config file somewhere we can overwrite requirement/setting

our Alcatel system has lots of domains/regions as we have a large amount of sites and gateways - so we have worked on all the subnets to the correct IP domains and this is out last one we are stuck on and all because the /32 mask that the client is supplying back to Alcatel that does not match

Post by **frank** » 26 Jul 2024 22:02

But this used to work? I think in the documentation, there is a mention about a INI file which can be edited. That's where you should be able to change the settings.

Lagcat · Post by **Lagcat** » 29 Jul 2024 08:41

Hi Frank

thank you for your replies
would you have this documentation anywhere so I can have a read?

or any idea where in the INI file this is?

Post by **frank** » 29 Jul 2024 11:57

Attached to this post

Alcatel Unleashed

IP Domain - /32

IP Domain - /32

Re: IP Domain - /32

Re: IP Domain - /32

Re: IP Domain - /32

Re: IP Domain - /32

Re: IP Domain - /32